DNS changes are security events. Treat them that way.
A weakened DMARC policy, a new SPF include, a vanished DKIM key — most stacks never notice until mail breaks or spoofing lands. Trustliant snapshots every scan and turns meaningful diffs into explained, scored findings.
Point-in-time snapshots, forever
Every scan stores the complete posture: raw records, parsed state, lookup budgets, and score breakdown. That history answers 'what changed and when' during incidents, and 'how far we've come' in quarterly reviews — the same data serving both firefighting and proof-of-work.
Changes, explained
The roadmap turns snapshot diffs into first-class change events: what changed, why it matters, whether posture improved or weakened, and who should care. A DMARC policy stepping up to p=reject is a win worth reporting; an SPF include appearing overnight is a question worth asking.
The forgotten-domain problem
Parked domains, legacy brands, and stale subdomains still spoofable are classic MSP blind spots. Inventorying them per customer — with a 'no mail should ever come from this' lockdown recipe (SPF -all, DMARC reject, no DKIM) — closes an entire attack class cheaply.
For your technicians
Full snapshot history per domain with raw records at each point in time — incident forensics without asking 'does anyone have a screenshot of the old record?'
For your clients
“We watch your domain's security settings around the clock and investigate every meaningful change — including the domains you forgot you owned.”