Next-Gen-IT Example Deliverable

Shonna King domain health audit report.

A domain health, email authentication, and web availability assessment for shonnaking.com. The report turns public DNS and mail-health findings into a clear remediation plan.

Client
Shonna King
Primary domain
shonnaking.com
Prepared by
Next-Gen-IT
Source report date
April 24, 2026
Back to Next-Gen-IT View Starsky Owen example

Executive Summary

The sample domain health scan returned 13 problems: 6 errors and 7 warnings, against 416 passing checks. On review, those items collapse into three root causes: a public website availability failure, missing DMARC, and several Google MX warning items that are best documented as known noise.

Reputation is clean, DNS fundamentals are mostly sound, and inbound mail is delegated to Google Workspace. The fastest remediation path is to restore the website, publish SPF/DMARC, verify DKIM signing, and then move DMARC from monitoring to enforcement.

13Total reported problems
2Critical remediation tracks
358/358Blacklist checks clean
This is an example deliverable based on the supplied Shonna King domain-health report content. No private systems are implied or accessed.

Current-State Flow

The public-facing paths separate into three lanes: inbound mail, outbound authentication, and web traffic. Inbound delivery routes to Google Workspace; outbound trust is weakened by missing DMARC; web visitors hit an active availability failure.

INBOUND MAIL OUTBOUND AUTH WEB TRAFFIC External sender messages domain Google Workspace MX delivery works SMTP warnings Google MX noise Google sends on domain behalf DMARC missing spoofing exposure Recipient inbox may throttle/spam DNS resolves domain found HTTP 530 origin unreachable Visitor sees error site is dark

Figure 1 — Simplified current-state flow for shonnaking.com.

Findings & Recommended Actions

Critical

Public website returns HTTP 530

The domain is reachable at the DNS layer, but the origin web server is not serving the public site. Visitors see an error instead of the business presence.

Critical

No DMARC record is published

Without DMARC, the domain is easier to spoof and mailbox providers have less trust in outbound messages.

Host:  _dmarc.shonnaking.com
Type:  TXT
Value: v=DMARC1; p=none; rua=mailto:dmarc-reports@shonnaking.com; fo=1
High

Confirm SPF is published and complete

Because mail is delegated to Google Workspace, root TXT records should authorize Google to send.

Host:  shonnaking.com
Type:  TXT
Value: v=spf1 include:_spf.google.com ~all
High

Verify DKIM signing in Google Workspace

Before moving DMARC to enforcement, generate the Google DKIM key, publish the TXT record, and enable signing.

Low

SOA expire value is cosmetic

Adjust the DNS SOA expire value during routine DNS cleanup; this is not the priority compared to website and email authentication.

Ignore

Google MX rDNS/banner warnings are known noise

These warnings reference Google inbound mail servers, not client-controlled hosts. Document them so they are not treated as repeat remediation items.

Sequenced Remediation Roadmap

01
Day 1
Restore website availability. Diagnose the HTTP 530 at the DNS/origin layer and point the domain to a live site or holding page.
02
Day 1
Publish or confirm SPF and enable DKIM. Make sure legitimate Google Workspace mail aligns before enforcement.
03
Day 1
Publish DMARC at p=none. Start collecting aggregate reports without risking legitimate mail delivery.
04
Weeks 2–4
Move to quarantine after clean reports. Fix any legitimate sender alignment problems first.
05
Week 6+
Move DMARC to reject. Optionally publish BIMI once enforcement and logo requirements are ready.