plagiat0r | 10 months ago
However, some checks have bugs or they make no sense:
1. SPF missing ?all is broken, it reports missing when it is there
2. Checking SOA records makes no sense in 2025. Their serial format is irrelevant in modern DNS services that don't even use AXFR/IXFR
3. Checking for SOA TTL or minimal is also useless, unless the TTL is higher than 7 days. Really, it is up to the DNS admin to set very low TTL
4. Checking if different record types have different TTLs makes zero sense, again it is up to the domain owner
5. DMARC/DKIM well, debatable. It has nothing to do with DNS per se and a lot of SMTP admins find them useless. A proper SPF with "-all" is enough to prevent using your domain for mail spoofing. DKIM and DMARC are usually a waste of time, and spammers always get it right anyway. I would go as far as to say that if you operate an SMTP server, don't bother to check or add DKIM and definitely ignore DMARC.