Use Case
Domain Security Due Diligence for Suppliers
Check the domain security posture of suppliers, counterparties, or acquisition targets. VP Shield's passive scan reads only public data — no permission needed from the domain owner.
Scan any domain →What's Checked
- No permission required — reads only public data
- Email authentication assessment (phishing risk)
- TLS/SSL grade (data-in-transit security)
- HTTP security headers (web security maturity)
- DNS hygiene and subdomain takeover risk
- Email spoofing exposure
- Comparative grading across multiple domains
- PDF report for supplier questionnaire responses
Common Questions
- Can I scan a supplier domain without their permission?
- Yes. VP Shield reads only publicly available information — DNS records, published certificates, returned HTTP headers. This is the same information any user or attacker can access by visiting the domain. No permission is required and no traffic reaches the target servers.
- What does a supplier's domain security posture tell me?
- A supplier without DMARC enforcement can be impersonated by attackers to send you fraudulent invoices or instructions. A supplier with poor TLS configuration may be transmitting your shared data over insecure connections. Domain security is a useful indicator of overall security maturity.
- Can I use VP Shield for M&A target due diligence?
- Yes. Passive domain security checks are a standard part of technical due diligence for acquisitions. You can scan the target's primary domain and any discovered subdomains without notifying the target. VantagePoint Networks provides more comprehensive technical due diligence reports for M&A engagements.
Run a free domain security scan
VP Shield checks DNS, TLS, email authentication, security headers, and subdomain takeover risk for any domain. Free, no login, two minutes.
Related Services
Cyber Essentials Domain Audit
Preparing for Cyber Essentials or Cyber Essentials Plus certification? VP Shield checks the domain security controls that assessors look for — TLS, security headers, DNS hygiene, and more.
Run your pre-assessment scan →Stop Phishing Attacks Using Your Domain
Check whether your domain can currently be used in phishing attacks against your customers and staff. VP Shield assesses your DMARC, SPF, DKIM, and spoofing exposure — free, no login.
Check phishing exposure →GDPR Email Security Check
UK GDPR requires appropriate technical security measures for personal data. Check whether your email infrastructure meets UK GDPR Article 32 requirements — DMARC, DKIM, SPF, and TLS — free.
Run GDPR email check →