THE PRICE LIST

No "contact us for pricing."

Every bucket we check, and what it costs. Prices up front so you can budget before you talk to us. Free checkup first — you only pay for buckets where we actually find something.

SAMPLE BUCKET — FULLY ITEMIZED

Email & Domain Hygiene

The DNS records and email authentication that nobody understands but everyone needs. SPF, DKIM, DMARC, and the glue around them.

Whole bucket: $390 · 14 checks · pick any · no package discount

| ID | Check | Priority | Price |
|---|---|---|---|
| EMAIL-001 | SPF record audit | High | $10 |
| EMAIL-002 | DKIM record audit | High | $30 |
| EMAIL-003 | DMARC policy audit | High | $20 |
| EMAIL-004 | DMARC report ingestion analysis | Medium | $75 |
| EMAIL-005 | MTA-STS policy presence | Medium | $10 |
| EMAIL-006 | TLS-RPT policy presence | Medium | $10 |
| EMAIL-007 | BIMI readiness check | Low | $30 |
| EMAIL-008 | Email blacklist check | High | $15 |
| EMAIL-009 | DNS health summary | High | $25 |
| EMAIL-010 | Email forwarding configuration | Medium | $20 |
| EMAIL-011 | Phishing impersonation surface | Medium | $60 |
| EMAIL-012 | Subdomain email risk | Low | $30 |
| EMAIL-013 | Reverse DNS / PTR check | Low | $10 |
| EMAIL-014 | Mail server header analysis | Medium | $45 |

This is how every bucket works under the hood. Pick the items that matter to you — buying the whole bucket costs the same as the sum of its parts. No packaging games.

EMAIL-001

SPF record audit

High priority $10

What it is

A small DNS record on your domain that lists which servers are allowed to send mail "from" you. Think of it as a guest list for your email.

Why it matters

If the list is missing, wrong, or too permissive, spammers can impersonate your domain and their junk lands in your customers' inboxes over your signature. Mailbox providers also downgrade unauthenticated mail straight to spam — hurting deliverability on your legitimate messages too.

EMAIL-002

DKIM record audit

High priority $30

What it is

A cryptographic signature added to every email you send. The public key lives in your DNS; the signature proves the message really came from you and wasn't tampered with in transit.

Why it matters

Missing or weak DKIM tanks inbox placement at Google, Microsoft, Yahoo, and Apple — they've all tightened requirements in the last two years. Old or short keys are a silent deliverability drag; expired selectors can stop outbound mail cold.

EMAIL-003

DMARC policy audit

High priority $20

What it is

The "what should happen to unauthenticated mail" policy on your domain. Three choices: reject it, send it to spam, or do nothing. It builds on SPF and DKIM.

Why it matters

Without DMARC, anyone can spoof your domain. With a policy set to "do nothing" (p=none), you've basically told the world you don't care if you're impersonated. Google and Yahoo now require at least p=none to inbox bulk mail — and real enforcement is table stakes for any brand worth protecting.

EMAIL-004

DMARC report ingestion analysis

Medium priority $75

What it is

Mailbox providers send daily XML reports showing who's trying to send mail as you, where it's landing, and whether it passed authentication. This check pulls 30 days of those reports and turns them into something you can actually read.

Why it matters

Raw DMARC reports are thousands of XML records from a dozen providers — unreadable without work. Without analysis, you have no idea whether your real mail is reaching inboxes, or whether someone's running a phishing campaign using your name.

EMAIL-005

MTA-STS policy presence

Medium priority $10

What it is

A policy that tells other mail servers "always use encryption when delivering mail to me." Published at a specific HTTPS URL and pointed to via DNS.

Why it matters

Without MTA-STS, an attacker on the network path between servers can downgrade your mail to plaintext — or redirect it entirely. It's the email equivalent of HSTS for your website: a small bit of setup that closes a real attack surface.

EMAIL-006

TLS-RPT policy presence

Medium priority $10

What it is

A small DNS record that tells other mail servers "email me a report if encryption fails when you try to deliver mail to me."

Why it matters

You don't know encryption is breaking until someone tells you. TLS-RPT is the feedback loop. Without it, silent delivery failures and downgrade attacks slip by unnoticed for weeks.

EMAIL-007

BIMI readiness check

Low priority $30

What it is

BIMI (Brand Indicators for Message Identification) puts your logo next to your messages in Gmail, Yahoo, and Apple Mail. It requires DMARC enforcement plus a specially-formatted SVG logo — and for Gmail, a Verified Mark Certificate.

Why it matters

Your logo next to your name is the single biggest trust signal in a cluttered inbox. BIMI also proves you've done the underlying authentication work — it's a public signal that your email hygiene is legitimate.

EMAIL-008

Email blacklist check

High priority $15

What it is

A scan across the major email blocklists (Spamhaus, Barracuda, SORBS, and a dozen others) to see if your sending servers or domain have been flagged.

Why it matters

One bad listing can kill your deliverability overnight. Most people don't know they're on a blocklist until customers say "I didn't get your email" for a week straight — by then, the damage is done and removal takes days.

EMAIL-009

DNS health summary

High priority $25

What it is

A review of the core DNS records that keep your email flowing: MX (where mail goes), NS (your nameservers), SOA (zone metadata), and TTL values (how fast you can change things in a crisis).

Why it matters

Bad DNS is a ticking time bomb. A single mistyped MX record or overly long TTL turns a five-minute problem into a three-day outage. This is the plumbing everything else sits on top of — if it's shaky, nothing above it works.

EMAIL-010

Email forwarding configuration

Medium priority $20

What it is

A review of catch-all addresses, aliases, and role accounts (info@, sales@, support@). Are they forwarding correctly? Is mail to unknown addresses getting eaten by a catch-all?

Why it matters

Forwarding is where real mail gets lost. Catch-alls attract spam at several times the rate of specific addresses. Alias sprawl — twenty addresses forwarding to the same human — is a support liability waiting to happen.

EMAIL-011

Phishing impersonation surface

Medium priority $60

What it is

A sweep for lookalike and typosquat domains — domains someone else registered that look like yours (websitedoctor.com, webside.doctor, w3bsite.doctor, etc.) — plus a broader brand-spoofing risk assessment.

Why it matters

Phishers don't hack your site. They register a domain that looks like yours and send mail from it. Knowing what's out there is the only way to get ahead of it — some you can take down, others you can monitor and defend against.

EMAIL-012

Subdomain email risk

Low priority $30

What it is

A check for subdomains (mail.yoursite.com, staging.yoursite.com, shop.yoursite.com) that don't have their own SPF or DMARC records.

Why it matters

DMARC on your main domain doesn't protect your subdomains by default. Every unprotected subdomain is a free spoofing surface for attackers. The fix is usually a one-line DNS record per subdomain — if you know to add it.

EMAIL-013

Reverse DNS / PTR check

Low priority $10

What it is

For mail you send from your own servers (not a provider like Google or Microsoft): a reverse DNS lookup to verify your IP resolves back to a hostname that makes sense.

Why it matters

Receiving servers check PTR records and downgrade mail without one — "this IP won't even identify itself, must be a spammer." If you use a mainstream provider, this is handled for you. If you're on your own infrastructure, a missing PTR is a silent deliverability killer.

EMAIL-014

Mail server header analysis

Medium priority $45

What it is

We pull a sample of a message your server sent, parse the chain of internal routing and authentication headers, and flag anything that shouldn't be public.

Why it matters

Email headers are verbose by design, and they often leak internal hostnames, software versions, and routing paths. Attackers read those to map your infrastructure for the next phishing attempt. Cleaning them up is a five-minute config change with real defensive value.

EVERYTHING ELSE

The other nine buckets

Bucket totals only, on purpose — the full itemized checklist is our methodology and we keep it out of Google's index. Your audit report lays out every item we checked and why.

Technical & Performance

How fast the site loads, how heavy it is, and whether the underlying technical foundation is healthy.

17 checks Total $665

Security

What an attacker sees in the first ten minutes. External reconnaissance and hardening — not penetration testing.

18 checks Total $745

Privacy & Compliance

What the site collects, who it shares with, and whether it is honest about it. CCPA, GDPR, and the state patchwork.

15 checks Total $950

Legal Documents

The static legal pages every site should have and how good they actually are. A checklist — not legal advice.

14 checks Total $430

Accessibility (ADA / WCAG)

ADA Title III applies to websites. WCAG 2.2 AA is the baseline. Automation catches maybe 30% — the rest is judgment.

20 checks Total $1,040

SEO & Discoverability

The boring technical SEO foundation that every site needs and most get half-right. Plumbing, not content strategy.

18 checks Total $500

Brand & Messaging

What the website is actually saying, and whether it is saying it well. The hardest bucket to fake with automation alone.

16 checks Total $905

UX & Best Practices

How the site actually feels to use. Not accessibility, not performance — would a real human enjoy using this.

18 checks Total $1,080

Internationalization

How well the site serves non-English speakers and how culturally portable it is. Small bucket today, bigger as you grow.

12 checks Total $400

Ready to see what's actually wrong with your site?

The checkup is free. If we don't find anything, you don't pay a dime. If we do, you pick the buckets you want the full diagnosis on.
