🔒 Privacy Policy
How we handle your data across all our tools.
Last updated: May 2026
Who We Are
TamingDNS is operated by Outsource House (trading as OSH.co.za), based in Cape Town, South Africa. The named operator and data controller for this site is Paul Ogier, Technical Director. For data-protection queries, email [email protected].
What We Collect
Whatever you type in (a domain, an IP, a header dump) is used to produce your result and then dropped. Nothing is written to a database, nothing is kept in a log file we go back and read. If you run the same check tomorrow, we have no record that you ran it today.
Tool-Specific Data Handling
Your domain is used to run DNS lookups and email authentication checks. Nothing is stored.
Your domain is queried for DNS TXT records containing SPF data. Nothing is stored.
Your domain is queried at known DKIM selector subdomains (e.g. google._domainkey.{domain}). Queries run client-side via Google DNS-over-HTTPS. Nothing is stored.
Your domain is queried at _dmarc.{domain} for TXT records. External report destination authorisation records are also checked where applicable. All queries run client-side via Google DNS-over-HTTPS. Nothing is stored.
Your domain is queried at default._bimi.{domain}. Nothing is stored.
We run DNSSEC validation queries via Google and Cloudflare resolvers. Nothing is stored on our servers.
Your domain is queried at _mta-sts.{domain} and the policy file is fetched at https://mta-sts.{domain}/.well-known/mta-sts.txt. Nothing is stored.
Your domain is queried at _smtp._tls.{domain} and _mta-sts.{domain}. Nothing is stored.
Your domain is sent to RDAP services to retrieve publicly available registration data. Nothing is stored.
The domain or IP address you enter is queried against known email blacklist services (RBLs). Nothing is stored.
Your domain is queried against multiple DNS resolvers worldwide to check propagation status. Nothing is stored.
Your domain is queried for the requested record type via Google, Cloudflare, or Quad9 DNS-over-HTTPS. Nothing is stored.
Your domain is queried for MX records. Each MX hostname is resolved for A and AAAA addresses, and reverse DNS (PTR) lookups are performed on each resolved IP. All queries run client-side via Google DNS-over-HTTPS. Nothing is stored.
Headers you paste are sent to our server for parsing and immediately discarded. They're never stored or logged. Headers may contain email addresses, but we use them only to return the analysis.
Bounce messages you paste are sent to our server for parsing and immediately discarded. They're never stored or logged. Messages may contain email addresses, but we use them only to return the analysis.
The SPF builder runs entirely in your browser. Nothing is sent to our servers unless you submit a support request.
The DMARC builder runs entirely in your browser. Nothing is sent to our servers unless you submit a support request.
Your domain is queried for CNAME records at common sub-hosts (www, autodiscover, CDN, status, etc.). Each alias chain is followed to its target. Queries run client-side via Google DNS-over-HTTPS. Nothing is stored.
Your domain is queried for TXT records at the apex and well-known locations (_dmarc, _mta-sts, _smtp._tls, default._bimi, and common verification tokens). Queries run client-side via Google DNS-over-HTTPS. Nothing is stored.
The IP address you enter is queried for a PTR record, and the result is resolved forward to confirm FCrDNS. Queries run client-side via Google DNS-over-HTTPS. Nothing is stored.
The IP you enter is sent to public RDAP services and a GeoIP provider to retrieve network, country, abuse contact, and PTR data. Nothing is stored.
Your public IP is detected by your browser, then used to look up ASN, country, PTR, FCrDNS, and blacklist status via RDAP and DNS-over-HTTPS. Your IP is not stored or logged by us.
Your domain is queried for autodiscover and autoconfig DNS records, SRV entries, and the well-known HTTPS endpoints that mail clients use to self-configure. Nothing is stored.
Your domain is queried for the SPF, DKIM (google selector), DMARC, MX, and MTA-STS records expected by Google Workspace. Queries run via DNS-over-HTTPS. Nothing is stored.
Your domain is queried for the SPF, DKIM (selector1/selector2), DMARC, MX, MTA-STS, and Autodiscover records expected by Microsoft 365. Queries run via DNS-over-HTTPS. Nothing is stored.
Your domain is queried for MX hosts, then each is queried at _25._tcp.{host} for TLSA records, with DNSSEC validation. Nothing is stored.
Your domain is queried for v=MCPv1 TXT records at the apex to validate Model Context Protocol signing keys. Nothing is stored.
DMARC XML reports you upload are parsed in memory on our server and immediately discarded. Reports are never stored or logged. They contain sending IPs and your own domain — we use them only to return the analysis.
The DKIM key pair is generated entirely in your browser. Your private key never leaves your device.
The subnet calculator runs entirely in your browser. Nothing is sent to our servers.
The TXT splitter runs entirely in your browser. Nothing is sent to our servers.
How We Use Your Data
Your input is only used to return your results. We do not save it, build a profile from it, or sell it.
How the Checks Work
Most checks are plain DNS lookups, sent from your browser to Google's DNS-over-HTTPS (with Cloudflare and Quad9 as fallbacks). The only thing in the query is the domain name you typed.
Bot Protection
We use Cloudflare Turnstile to stop bots from hammering the tools. It looks at browser signals to decide you are a real person, and does not collect personal data. Cloudflare's privacy policy applies: cloudflare.com/privacypolicy.
Website Analytics
We run Google Analytics to see which tools get used the most. Your IP is anonymised before anything is sent, and the domain names you check are never passed to Google. You can opt out at any time: tools.google.com/dlpage/gaoptout.
Contact Us
Questions about privacy? Email [email protected] or use the contact form at osh.co.za/contact.