Domain Security Info

Enterprise Scanning

Updated May 1, 2026, 8:28 AM

Enterprise scanning lets administrators set up automated, recurring analysis of groups of domains. Instead of waiting for someone to look up a domain on the public website, the system can proactively scan thousands of domains on a schedule and store the results for review.

What enterprise scanning does#

Enterprise scanning:

  • Analyzes domains automatically on a schedule you set.
  • Stores complete analysis results, including DNS records, security checks, and WHOIS data.
  • Detects changes between scans and flags them for review.
  • Tracks security scores over time so you can see trends.
  • Groups domains by tags (such as industry, company list, or region) for organized reporting.

All enterprise scanning data is only available to administrators. Public users do not see scan results, schedules, or historical data.

Enterprise scanning pages#

The admin interface has five pages for enterprise scanning, found under the Enterprise Scanning section in the navigation:

Domain Tags#

Organize domains into groups using tags. Tags let you create scan schedules that target specific groups of domains.

Examples of domain tags:

  • fortune-500 โ€” Fortune 500 companies
  • financial-services โ€” Banks and financial institutions
  • healthcare โ€” Healthcare organizations
  • government โ€” Government agencies

Scheduled Scans#

Create and manage automated scan schedules. Each scheduled scan defines:

FieldWhat it controls
NameA descriptive name for the scan (for example, "Weekly Fortune 500 scan").
FrequencyHow often the scan runs (for example, daily, weekly).
Domain selectionWhich domains to include, based on tags, priority, or other criteria.
StatusWhether the scan is active (running on schedule) or paused.
Next runWhen the scan will next execute.

To create a scheduled scan:

  1. Go to Scheduled Scans under Enterprise Scanning.
  2. Click Add Scheduled Scan.
  3. Give it a name and configure the frequency and domain selection.
  4. Click Save.

To activate a scan:

  1. Find the scan in the list.
  2. Click Activate to start it running on schedule.

Scan Runs#

View the history of scan executions. Each scan run shows:

FieldWhat it shows
Scan nameWhich scheduled scan was executed.
Start timeWhen the scan started.
End timeWhen the scan finished.
Total domainsHow many domains were included.
CompletedHow many finished without errors.
FailedHow many encountered errors.
StatusWhether the run completed, failed, or is still running.

Click on a scan run to see detailed results for each domain.

Scan Logs#

View detailed logs from scan operations. Logs include:

  • Which domains were scanned and in what order.
  • How long each domain took to analyze.
  • Any errors that occurred during scanning.
  • Changes detected compared to previous scan results.

Logs are useful for troubleshooting scan failures and understanding scanning performance.

Reports#

View aggregated reports across scan results. Reports can show:

  • Technology adoption โ€” Which DNS providers, email providers, and security technologies are used across the scanned domains.
  • Security posture โ€” How domains score on email security (SPF, DKIM, DMARC) and web security (DNSSEC, HSTS, CAA).
  • Trends โ€” How security scores and technology adoption change over time.

How scanning works#

When a scheduled scan runs, the system:

  1. Selects the domains based on the scan's criteria (tags, priority, etc.).
  2. Queues each domain for analysis.
  3. Processes the queue in batches, running DNS lookups and security checks for each domain.
  4. Stores the full analysis results.
  5. Compares results to the previous analysis and records any changes.
  6. Updates the scan run record with completion statistics.

Scans use the same analysis logic as the public lookup tool. The only difference is that scan results are stored for historical tracking, while public lookups return real-time data without storing long-term history.

Triggering scans manually#

In addition to running on a schedule, scans can be triggered manually:

  1. Go to Scheduled Scans.
  2. Find the scan you want to run.
  3. Click Run Now to start it immediately.

You can also trigger a single-domain test scan to check that scanning works correctly before setting up a full schedule.

Tips#

  • Start small. Test scanning with a small group of domains before setting up large-scale scans.
  • Set appropriate frequencies. Daily scans are suitable for critical domains. Weekly scans are enough for general monitoring.
  • Review scan logs if a scan has a high failure rate. Common causes include DNS timeouts and rate limiting.
  • Use tags to organize domains into meaningful groups for targeted scanning and reporting.