We watch your domains from the outside and tell you what to fix first
SkyQon checks the certificates, DNS and email authentication your domains present to the internet, scores what it finds, and gives your team the exact fix. Higher plans turn your posture into signed evidence your auditor, insurer or board can verify for themselves.
Live results in about ten seconds. No signup, no email. Enter a public domain, like example.eu.
Your apps and endpoints are monitored. Your domain's trust layer usually isn't.
A mailbox provider judges your DMARC policy. A browser judges your certificate chain. An auditor asks for evidence. SkyQon watches all three views of your domain and turns the gaps into work your team can schedule.
Email Trust
SPF, DKIM, DMARC, BIMI, MTA-STS, TLS-RPT and spoofing exposure.
DNS Trust
DNSSEC, nameserver health, risky records and DNS hygiene.
Certificate Trust
Expiry, issuer changes, inventory and renewal risk.
TLS Security
HTTPS configuration, protocol strength, ciphers and chain trust.
Subdomain Risk
Exposed, abandoned and takeover-prone subdomains.
Brand Protection
Lookalike domains, typosquatting and phishing infrastructure.
Registrar Monitoring
Lock status, nameserver and WHOIS changes, expiry dates.
Compliance Evidence
Exportable NIS2 / audit evidence and board-ready reports.
Post-Quantum Readiness
Assess cryptography and plan the certificate transition.
DORA Trust Center
DORA evidence for financial-sector clients and their ICT vendors — a supplier-readiness trust page, Register of Information support and audit-ready exports.
Cloud & internal coverage
Begin with agent-less external scanning, then extend with cloud connectors and an optional internal agent to inspect private networks and cloud certificate stores. Available on Growth and Enterprise.
Every finding arrives with its fix attached.
SkyQon turns DNS, email, certificate and TLS findings into remediation steps your team can complete.
- Plain-language explanation of every finding
- What it costs the business if left unfixed
- Exact DNS fixes with copy-paste-ready records
- One-click verification once you've applied a change
- Before / after view of the score impact
Add an enforced DMARC record so spoofed mail from your domain is rejected:
_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; pct=100; adkim=s; aspf=s"
A trust score you can defend, not a vanity number
SkyQon separates what we checked from how secure you are, so a single weak control never hides behind broad coverage.
Scan coverage
How much of your domain estate SkyQon has inspected.
Security posture
How strong the controls are across everything we inspected.
Domain Trust Score
Derived from coverage and posture, with both inputs always shown.
Don't take our word for it. Verify a report yourself
Every SkyQon report is digitally signed (PAdES) and carries a SHA-256 content hash. Anyone you share it with can check its integrity on our public verifier, no account needed.
Download a sample report
A real NIS2 evidence report, signed, with the scoring inputs shown.
Verify it in your browser
Drop any SkyQon report into the public verifier and it checks the signature and content hash for you.
Built on the full EU trust registry
SkyQon tracks all 32 EU and EEA trust-list territories, around 4,900 qualified trust services, to verify QWACs and qualified seals against the official source.
Built by people who run production trust infrastructure
SkyQon is built and operated in the EU by engineers who run production PKI, EJBCA certificate authorities and eIDAS-aligned trust services for a living. The scoring rules, the evidence formats and the fixes come from that operational practice.
We are onboarding ten design partners in the Benelux
Early access and direct time with the engineers who build SkyQon, in exchange for honest feedback. If you operate domains that matter, we would like to hear from you.
For every team that owns a domain
SaaS companies
An expired certificate or a rejected signup email costs revenue the hour it happens. Catch both weeks early.
MSPs & IT providers
Watch every client domain from one account and hand each client a report with their name on it.
Security teams
Your EDR does not read DNS zones. Spoofing and takeover risk live in that blind spot.
Compliance teams
NIS2 Article 21 asks you to show working controls. Export the evidence, signed and reproducible.
Agencies
A client's lapsed certificate lands on your desk either way. Get the warning first.
Executives
Know your score before the auditor or the enterprise buyer asks for it.