JayQuery

SPF, DMARC, DKIM score plus MX, NS, MTA-STS, TLS-RPT, DNSSEC via DoH, and Entra OIDC tenant probe.

JayQuery checks how the domain of the tab you’re viewing handles email authentication and related DNS, using DNS-over-HTTPS (Cloudflare primary, Google fallback). Open the extension on any http/https page to see a score out of 10 and a clear breakdown for each area. What it checks SPF, DMARC, and DKIM — how well the domain is set up for outbound mail authenticity (DKIM uses common selectors; toggle Tab hostname vs root domain where it applies). DMARC is always evaluated at the organizational domain (_dmarc), consistent with how policy is published in the real world. More DNS signals (on the org domain): MX, authoritative NS, MTA-STS (_mta-sts), TLS-RPT (_smtp._tls), and DNSSEC-related signals. Each protocol card includes a graded checklist (pass / warn / fail) so you can see why something scored the way it did. Privacy-minded: The extension uses the tab URL to know which host/domain to query; it does not inject scripts into page content for these checks. Queries go to public DoH endpoints only. Settings are stored locally in the browser. Good to know: Results reflect public DNS; internal or split-horizon zones won’t show here. DKIM discovery uses a fixed set of common selectors; unusual selector names may not be detected. This tool is for inspection and learning, not a guarantee of deliverability or security by itself. Inspired by the same class of checks as projects like DNSHealth, implemented for the browser in TypeScript (Manifest V3).