Can your business be hacked through email?

Enter your domain: we check whether someone can spoof your email (SPF, DKIM, DMARC) and whether your website is secure — a clear result, no jargon.

Free, no signup. Result in 15 seconds, with the full report (SPF, DKIM, DMARC, website).

What this test checks

In 15 seconds, we read your domain's public information and answer one question: can a fraudster send emails in your company's name? We check your three email protections (SPF, DKIM, DMARC) and your website security (HTTPS, headers, certificate).

Why email is the number-one way in

Most cyberattacks against small businesses start with an email: phishing, fake invoices, CEO fraud. Without DMARC in reject mode, anyone can write to your customers or staff pretending to be you — without ever touching your mailbox.

What to do if the test fails

Don't worry: most fixes are simple DNS records you add once. Our free check gives you the exact action plan, with the value to copy-paste for your provider (Microsoft 365, Google Workspace). No technical knowledge required. To go further, read the small-business cybersecurity guide for Québec.

Frequently asked questions

Does this test actually break into my business?

No. We touch nothing and log into no account. We only read public information (DNS, your site's headers) to assess whether your email can be spoofed. It's 100% safe.

Do I need to be technical to understand the result?

No — that's the whole point. The result is explained in plain language, with an action plan and the exact values to copy-paste. You can do it yourself or hand it to your provider.

How much does it cost?

The test and the full report are free, no signup. Cyberbilan also offers optional paid continuous monitoring, but the check stays free.

My business is small — am I really a target?

Yes, often more than a large company. Fraudsters target small businesses precisely because they have fewer protections while still handling real money and real customer data.

Helpful guides