EASM Domain Security
Properly configured email authentication records help protect your organization’s domains against threats such as spoofing and phishing. Domain Security in EASM allows you to assess domains by monitoring the DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) records of your internet-facing domains. Any missing or misconfigured record is categorized and displayed as SPF or DKIM finding type.
Each finding in the SPF and DKIM records is assigned a QDS (pre-defined by Qualys) score that indicates the level of risk associated with that finding. This helps you prioritize which domains need immediate remediation.
You can view this information in the Domain Security tab under Inventory > EASM > Domains. You can
To access this tab, ensure that the Domain Security toggle is enabled for the EASM Profile.
For more information on EASM profile, refer to Configuring External Attack Surface Management.
View your Domain Security Details
The Domain Security tab displays the following information:
| Data | Description |
|---|---|
| Finding Type | Displays the type of record where a misconfiguration or missing detail is detected, such as DKIM or SPF. |
| Detection | Displays the specific issue detected in the record. For example, No DKIM TXT record found, and Multiple SPF records. |
| Identifier | Displays the unique identifier of the SPF or DKIM records. |
| QDS | Displays the Qualys Detection Score (QDS) assigned to the finding. This indicates the severity or risk level associated with the misconfiguration.
For more information on the QDS scores, refer to QDS Scores. |
| First Detected | Displays the date and time when the issue is first discovered. |
| Last Detected | Displays the date and time when the issue was last discovered. |
| Domain | Displays the domain name where the issue is detected. |
| Asset | Displays the assets associated with the domain. |
QDS Scores
Qualys assigns a QDS score to each finding based on the detected issue. The table below shows the QDS scores for the SPF and DKIM findings.
| Finding | QDS Score |
|---|---|
| SPF | |
| Recursion Error | 90 |
| No SPF record for Redirect Modifier | 90 |
| No SPF record for Include Mechanism | 90 |
| No SPF record for domain | 90 |
| Multiple SPF records | 90 |
| Improperly formatted record | 90 |
| DKIM | |
| No DKIM TXT record found | 90 |
| Missing p tag | 90 |
| Empty p tag value | 90 |
| Malformed p tag value | 90 |
| Public key size | If greater than or equal to 2048 bits, the score is 0. |
| If between 1024 to 2047 bits, the score is 55. | |
| If lower than 1024 bits, the score is 80. | |
| Missing k tag | 90 |
| Malformed k tag value | 90 |
| Record intended for testing purpose | 30 |
| Missing v tag | 90 |
| Malformed v tag value | 90 |
| Missing tag/malformed tags | 90 |
Detection Summary
You can view a detailed summary of a finding by clicking the issue listed in the Detection column. The summary provides additional details about the detection, including the description and detection result.
Download Domain Security Data
To download your domain security data, navigate to the Domain Security tab and click Download. On the Download Format window, you can select one of the following formats: CSV, HTML, XML, and PDF.
To create a detailed report, click Create a Report on the Download Formats window or navigate to the Reports tab and click Create Report. Select the Domain Security report under the Externally Exposed Asset Details category.
For more information on creating a report, refer to External Attack Surface Reports.
