Home/Knowledge Hub/Scan Stages: From Basic Checks to Full Security Review
← Back to Knowledge Hub

Scan Stages: From Basic Checks to Full Security Review

DNS & NetworkSecurityEmail·June 3, 2026·6 min read

TechSpy's multi-stage scan uncovers everything from uptime to email spoofing. Learn what each stage means, why skipping one leaves you exposed, and how to …

How Scan Stages Work

You ran a TechSpy scan and saw a report organized into stages: Basic, DNS, Subdomain, Sitemap, Deep Scan, Interact, Strategy Analysis. Think of these like the rounds a building inspector goes through—first checking if the front door exists, then looking at blueprints, then opening every closet, and finally handing you a prioritized fix-it list. Skipping a round means missing something important. A scan isn't a single yes-or-no test. It's a layered process that moves from surface checks to deep probing, each stage building on the last to give you a full picture of your domain's security and email posture.

Real-World Analogy

Real‑world analogy: A home inspector starts by verifying the address and ringing the doorbell (Basic). Then they pull up the official property records (DNS), look for basement entrances you forgot about (Subdomain), ask for a floorplan to locate every room (Sitemap), walk every inch of the house testing doors and windows (Deep Scan), try actually unlocking a few to see if they’re really secure (Interact), and finally deliver a summary with the three things you must fix before winter (Strategy Analysis). Each step catches something the previous one couldn't.

In plain English

When you click “Scan,” TechSpy starts by confirming your website is alive and well—it’s like checking that your store’s “Open” sign is lit. If that fails, nothing else matters.

Next, it reads the public directory that tells the world how to reach your email, where your website lives, and who’s authorized to send messages on your behalf. This is called DNS, the internet’s phonebook. Without it, email deliverability problems and impersonation risks hide in plain sight.

Then it hunts for subdomains—addresses like —that you may have set up years ago and forgotten. Old, unpatched subdomains are a favorite target for attackers because nobody monitors them.

After that, it asks your site for a sitemap, a list of every page you intend to be public. This reveals hidden content that search engines know about but you might not.

The deep scan actually visits those pages, checking for issues like login forms without encryption or outdated software that hackers exploit. It’s no longer just looking; it’s touching.

The interaction stage goes a step further—it safely tests forms, sending test data to see if your server leaks information or behaves unexpectedly. This stage mimics what a real attacker would do, just without doing any harm.

Finally, the strategy analysis connects the dots. It takes all the findings and tells you what’s critical, what’s a medium priority, and what can wait. You don’t just get a list of problems; you get a roadmap.

Technical Details
Basic: HTTP status check, SSL certificate validity, server header fingerprinting.
DNS: Queries MX (mail server), SPF (which servers can send email), DKIM (signature signing), DMARC (policy for failed checks), and other records like CAA.
Subdomain: Dictionary‑based brute‑force enumeration against common names (, , ) combined with passive DNS lookups to find active subdomains.
Sitemap: Fetches and ; if not found, uses crawl data to infer common page structures.
Deep Scan: Controlled crawl that inspects page source for known vulnerable JavaScript libraries, open directories, missing security headers, login forms over HTTP, and outdated software signatures.
Interact: Submits benign payloads into contact forms, newsletter sign‑ups, or search bars, observing for error messages that reveal internal paths, database details, or misconfigurations.
Strategy Analysis: Risk scoring model that weighs exploitability, data sensitivity, and prevalence to rank findings into high/medium/low, with recommended fix order.

Why It Matters for Your Business

When all stages run, you see the full picture: not just that your SSL certificate is valid, but that a subdomain you created for a 2019 campaign is still running an old WordPress version with a known flaw. That subdomain connects to your main site’s database; a breach there can compromise everything. Catching it early prevents a disaster your customers would hear about.

If you only run a quick surface check, you may never know email senders are impersonating your domain. Without SPF or DKIM records, phishing emails that look exactly like yours land in customer inboxes, damaging trust and support queues. A missing DMARC record means you won’t even get reports about the abuse.

Your marketing team cares because email deliverability drops without proper DNS setup. Your sales team cares because prospects won’t trust a domain that gets flagged as spam. Your executives care because a breach stemming from an unmonitored subdomain can lead to regulatory fines and brand damage. A multi‑stage scan isn’t just for IT; it’s for everyone who relies on your digital presence.

Common Issues and Warning Signs

Many warning signs are subtle until a scan brings them to light. Maybe you’ve noticed that some outgoing emails bounce back, or a customer forwarded you a suspicious message that looked like it came from your support alias. These aren’t random glitches—they’re symptoms of gaps a staged scan can pinpoint.

Here’s what to look for in your TechSpy report:

Common Issues

Emails landing in spam or bouncing silently: often caused by missing SPF or DKIM records. Your domain is essentially saying “I’m not verifying who I am,” so mailbox providers don’t trust you.
A forgotten subdomain like showing up with outdated software: attackers scan for these constantly. If it’s indexed by search engines, you’re effectively advertising an unlocked back door.
Login pages that don’t use HTTPS: data transmitted there—including usernames and passwords—travels in plain text, readable by anyone on the same public Wi‑Fi.
Sitemap not found: you may have pages that aren’t linked anywhere on your site. If TechSpy can’t find them, search engines can’t either, but determined attackers still will.
Contact forms that display error messages exposing internal file paths: this gives attackers a blueprint of your server’s folder structure, making further attacks easier.

How to Fix or Improve Each Stage

Start with the highest‑risk items from the strategy analysis, then work backwards. If you’re not the person who manages these technical details, forward the relevant stages to whoever handles your domain and hosting.

Once you’ve addressed the findings, share the updated report with your team. It proves that you’re proactively securing the business, not just reacting to problems. If any stage still shows warnings you don’t understand, reach out to the TechSpy community or forward the report to your IT contact—you don’t have to fix everything alone.

<!-- self-check: layer1_readable=true | fix_doable=true | no_padding=true | jargon_expanded=true -->

1Basic checks red flags: If your site failed the uptime or SSL check, contact your hosting provider immediately. Ask them to install or renew the SSL certificate and confirm the site is accessible.
2DNS issues: Log into your DNS control panel (often where you bought the domain or through your hosting provider). Fix missing SPF, DKIM, and DMARC records using TechSpy’s linked guides. If someone else manages DNS—your IT agency, web developer, or hosting support—send them the specific warnings from the report.
3Unwanted subdomains: In the same DNS panel, review all subdomain records. Delete any you don’t recognize or no longer use. For the ones you keep, ensure they point to active, updated sites and are included in your regular monitoring.
4Missing or incomplete sitemap: If your site is CMS‑based (WordPress, Shopify), most plugins generate a sitemap automatically. Verify the URL and that references it. If not, install a sitemap plugin and resubmit to Google Search Console.
5Deep scan vulnerabilities: Outdated software on any subdomain means immediate patching. If you don’t have a developer, many hosting providers offer automatic updates—enable them. Ask your IT resource to apply security patches within 48 hours for any critical findings.
6Interaction‑stage leaks: If a form revealed internal paths, disable detailed error messages in your server configuration. A web developer should configure PHP or the CMS to show generic user‑friendly errors instead of stack traces.
7Re‑scan and verify: After making changes, run the full scan again. You should see stages previously marked yellow or red turn green. The strategy analysis will update to show your reduced risk profile.

See how your domain's configuration stacks up.

Get a free scan — no sign-up, no credit card.

Scan Your Domain Free →