TomProtects

Free email security check

Protect the business behind the brand

Start with a free check of your domain's email authentication — SPF, DKIM, and DMARC. Get a grade and the exact gaps, in plain English.

We only read public DNS records. Enter your email to get your grade and fix-it guide.

See how it works →

Sample audit findings

The free check covers email. The full audit goes much deeper.

Here's the kind of thing a real review surfaces — the gaps you can't see from a DNS lookup alone:

High risk

No 2FA on the domain registrar

The single account that controls your domain — and therefore your email and website — protected by a password alone.

High risk

A reused, breached password

The login for a critical account found in a known data breach and reused elsewhere. One of the most common ways businesses get taken over.

High risk

Shared registrar / hosting login

One set of credentials handed to a VA or contractor, never rotated, with full control of your domain.

Needs attention

DMARC set to p=none (or missing)

Anyone can spoof your domain and email your customers as you. No enforcement, no reporting.

Needs attention

Personal details exposed in WHOIS

Home address and phone number published in public domain records because privacy was never switched on.

Needs attention

A forgotten subdomain pointing nowhere

An old subdomain still aimed at a service you stopped using — a quiet takeover risk most owners never see.

See what your audit surfaces →

The reality

Three things attackers already know about your business

🔑

Email is the master key

Every password reset — your bank, Stripe, your course platform — flows through your inbox. Lose control of email and an attacker can walk into everything else.

🌐

Your domain is your identity

Your domain is your brand, your email, and your reputation. If it lapses or gets hijacked, the business behind it goes dark with it.

💳

Revenue platforms are targets

Stripe, Kit, Kajabi, Circle — the tools you get paid through are exactly what attackers go after. They follow the money, and the money runs through your stack.

Who this is for

Built for the people who earn through their audience

✍️

Creators

You sell courses, memberships, or a paid newsletter, and your audience trusts your name.

🧭

Consultants

Your reputation is the product. A spoofed email or hijacked domain hits where it hurts most.

🛒

Online business owners

You run on Stripe, Kit, Kajabi, and Circle — and a gap in any one of them puts revenue at risk.

How it works

Async by default. Calls optional, both ends.

1

Start with the form or a call

Tell me your domain and the platforms you run on. Prefer to talk it through first? A short intro call is optional.

2

I review and report

I dig into your domain, email auth, registrar, WHOIS, and subdomains, then write it up in plain English — typically 5–7 business days.

3

Walkthrough or async

We review the findings on a call, or you take the written report and work through it at your own pace. Your choice.

What you get

A complete picture — and an exact list of what to fix

  • A written report in plain English — every finding, prioritized
  • Full DNS review
  • Email authentication: SPF, DKIM, DMARC
  • Registrar security review
  • WHOIS / privacy exposure check
  • Subdomain inventory
  • A prioritized action list with exact values to change

Pricing

Launch price — going up as spots fill

Domain & Deliverability Review

Launch price

$297 one-time

$297 now → $497 → standard. Spots are limited — the price goes up as they fill.

Early reviews are intentionally underpriced while I build testimonials.

  • Full domain & deliverability report
  • SPF / DKIM / DMARC review
  • Registrar security review
  • Prioritized fix list with specific values
  • Optional intro + walkthrough calls
  • 30-day follow-up
Start your review

No retainers. No upsells. Fixed price. Payment is collected after scope is confirmed via the intake form.

My goal is simple: leave you with more than you paid for. If something in your report isn't clear or actionable, tell me — I'll make it right.

About

Hi, I'm Tom.

I've spent 20+ years in IT and cybersecurity — protecting organizations from the same threats that now target online businesses. I help creators, consultants, and business owners lock down the domain, email, and platforms their livelihood runs on. No jargon, no fear-mongering — just clear, practical fixes.

CISSP · CISM · CDPSE · 20+ years

From the newsletter

Latest writing

Read the blog →

Ready when you are

Get practical security tips — and check your domain free

Join the newsletter for plain-English security and deliverability tips for online businesses.