Read a domain report like the pros do.
FatDig answers a thousand questions in a single click — but only if you know how to read the answers. FDU is a small, opinionated set of guides that walk you through every field, every record type, and every cryptic acronym FatDig might hand back. No marketing fluff. No 4,000-word SEO bait. Just the things you actually need to understand a report.
A reference for the report in front of you.
When you dig a domain on FatDig you get back five to fifty different signals: WHOIS lines, DNS records,
SSL chain info, email authentication policies, headers, redirects, performance scores. Most of those
fields look obvious until something is wrong — and then you suddenly need to know what
clientHold actually means, or whether p=none is OK, or which CA your CAA record
is supposed to point at. FDU exists so the answer is one click away from any dashboard.
Every article starts with the field as you'd see it in a FatDig report, then explains what it is, what the values mean, and what you'd typically do about it. The articles are short on theory and long on examples — you can read the whole thing in five minutes if you need to act now, or settle in for the full walkthrough when you have time to actually learn the system.
Five topic areas. One per question you have.
Domain Basics
Who owns a domain, who manages it on their behalf, what those scary-looking status codes mean, and how to tell when a domain is about to drop.
Email Security
The three records that decide whether your mail lands in inbox, spam, or nowhere — and the most common ways teams break them by accident.
- SPF, DKIM & DMARC, Demystified →
- Why your SPF has too many lookupsSoon
- Reading a DMARC aggregate reportSoon
SSL & Certificates
Where certificates come from, how to tell when one is about to expire, and why the chain of trust matters even when the leaf cert looks fine.
- Reading the SSL Certificate Timeline →
- Subject Alternative Names & the Mismatch Trap →
- Self-signed, internal CAs, and when to trust themSoon
DNS & Routing
What each record type is for, how resolution actually works, and which records most teams forget to set until something embarrassing happens.
Web Security
The response headers, cookie flags, and exposed-secret checks that separate a hardened site from one a casual attacker can pick apart — all readable straight from a single request.
- The Security Headers That Actually Matter →
- Cookies and their security flagsSoon
- What an exposed API key looks likeSoon
Start here.
If you're new to domain operations, these four cover roughly 80% of what you'll see in a FatDig report. Read them in any order — each one stands alone.
How to Read a WHOIS Record
Registrar vs. registry, the EPP codes you'll actually run into, what the dates really mean, and the one field people always check too late.
SPF, DKIM & DMARC, Demystified
The three records every domain that sends mail needs — what each one proves, how they work together, and the multi-SPF trap that quietly breaks everything.
Reading the SSL Certificate Timeline
Where the dates come from, why “Valid From” matters as much as expiry, and how to read the certificate chain without losing your mind.
CAA, the Forgotten DNS Record
A five-minute DNS change that stops the entire “hostile CA issues a cert for your domain” attack class. With copy-paste examples for Let's Encrypt and DigiCert.
Every signal FatDig pulls, in one diagram.
A FatDig report is the joined output of six independent lookups. Knowing where each piece comes from makes the rest of the documentation much easier to follow.
Every FatDig report is the joined output of these six independent lookups, run in parallel against the domain you searched for.
None of these lookups depend on the others, which is why a domain can have perfect DNS but a broken cert, or a clean SSL chain but a missing SPF record. FDU walks through each branch of that diagram one article at a time, so you can confidently say “this part is fine, this part is the actual problem” when something goes wrong.