Bulk-check DNS, SSL and email auth for a whole list of domains (no scraping)

If you've ever had a spreadsheet of domains — a lead list, an acquisition target's
footprint, your own portfolio — and needed DNS records, WHOIS, SSL expiry, or email
authentication for all of them, you know the pain: single-domain web tools don't
scale, and dig / whois / openssl loops are fiddly to parse.

Here's how I think about pulling clean, structured domain intelligence in bulk —
and the three small tools I built so I never have to write that loop again.

1. DNS + WHOIS + SSL, in one pass

For each domain you usually want three things together:

• DNS — A/AAAA/MX/NS/TXT/CNAME (where it points, who runs mail, the DNS provider)
• WHOIS — registrar, creation/expiry dates, status, name servers
• SSL — issuer, the valid_from/valid_to window, SAN list

The trick is to do them as protocol calls (DNS resolution, a TLS handshake, WHOIS
on port 43) rather than scraping any website — protocol surfaces are stable, so the
output doesn't break when sites redesign.

If you don't want to wire that yourself, I packaged it as
Domain Intelligence on Apify:
paste a list of domains, get one clean JSON row each. ($0.01/domain, no proxies.)

2. Email authentication (MX / SPF / DMARC / DKIM)

Deliverability and security both hinge on the same DNS records:

• MX present? which provider? (aspmx.l.google.com → Google Workspace, etc.)
• SPF — is there a v=spf1 TXT record, and is the qualifier -all (strict) or ~all?
• DMARC — _dmarc TXT with p=reject / quarantine / none?
• DKIM — does a common selector (google, selector1, k1…) publish a key at <selector>._domainkey.<domain>?

A domain with MX + SPF -all + DMARC reject + DKIM is a "strong" setup; missing
DMARC is the most common gap. You can score a whole list this way in seconds — no SMTP
probing required (which mail servers block anyway). I put this in
Bulk Email Deliverability Checker.

3. The website itself (metadata + tech + security headers)

The HTTP layer rounds out the picture: final URL after redirects, status, <title>,
meta/Open Graph, Server/X-Powered-By, the security headers (HSTS, CSP,
X-Frame-Options…) graded present/missing, and lightweight tech hints (Cloudflare,
nginx, Next.js, Shopify, WordPress…). Useful for SEO audits, tech research, and
lead enrichment: Website Metadata & Tech Profiler.

Putting it together

For lead enrichment you might run all three over a list of company domains: WHOIS for
registrar/age, DNS MX for the email stack, the web profiler for the tech stack, and the
email checker for deliverability — a quick technographic profile per domain, exported
to CSV or pulled via API.

All three are protocol-based and low-maintenance by design. Code and notes:
github.com/weiseer. Happy to take requests for fields to add —
what would you want in a bulk domain report?