Why does /audit return in ~3 seconds?

We read DNS and key email header fields only, use parallel resolvers with 2s timeouts, and return structured results with suggestions.

What is Proof‑of‑Scan?

We hash canonical JSON (sha256) and provide a Verify endpoint to recompute via multiple public DNS resolvers and compare hashes.

Do you store email bodies?

No. We never store bodies. We parse headers only, delete .eml right after parsing, and keep PDF/JSON for evidence.

DNS migration postmortem: how to avoid overwrite incidents

When moving DNS providers, TXT flattening, defaults, and manual copy/paste often cause drift — especially for SPF/DMARC records. This playbook avoids common pitfalls and keeps a verifiable audit trail.

Check quickly

Do this (pre‑cut)

Export current DNS (authoritative copy) and keep as rollback reference
Validate long TXT split & quoting; avoid provider auto‑wrap
Count SPF lookups and document include chains

Cut & verify

Import carefully; re‑count SPF lookups; ensure no duplicate TXT
Run audit and save PDF evidence with scanId/sha256
Open Verify link to show recompute match

DNS migration postmortem: how to avoid overwrite incidents

Check quickly

Do this (pre‑cut)

Cut & verify

Next steps