Domain observability for safer digital operations
Merula continuously monitors the public posture of your domains — DNS, certificates, email authentication, transport security, web headers, availability, domain lifecycle and routing — explains what changed, and sends clear signals when something needs attention, without becoming another dashboard your team has to monitor.
Add your domains once. Merula keeps watching. The dashboard is there when you need context; the daily value comes from continuous checks, clear alerts and structured signals that fit into existing workflows.
Know what changed. Understand why it matters. Sleep better at night.
Merula is in development and launches after summer 2026.
Start with the problem you actually have
A stronger baseline for your domain
Merula monitors 26 individual checks organised into the nine groups below. Together, they describe the health of your public domain environment. DNS records show where your services point. Certificates help protect encrypted connections. Email authentication helps reduce spoofing exposure and delivery issues. Transport security helps protect mail in transit. HTTP security headers reduce common web exposure. Availability checks show whether key endpoints respond. Domain lifecycle monitoring surfaces expiry and registrar-status risks early.
Together, these controls form a practical baseline for secure and resilient digital operations.
Authoritative records — A, AAAA, MX, NS, CNAME, CAA and the apex TXT set — tracked against the last known-good state, with DNSSEC validation monitored as a separate check.
Validity, chain, hostname match, protocol and cipher hardening, with early warnings before expiry.
SPF, common DKIM selectors and DMARC — syntax, alignment mode, policy strength and reporting endpoints.
STARTTLS on every MX — surfacing each mail server's certificate expiry from the same handshake — plus MTA-STS policy, TLS-RPT reporting endpoint and DANE (TLSA) verified against DNSSEC where published.
Content-Security-Policy, HSTS, frame protection, cookie hygiene and version disclosure.
HTTPS-first availability checks with HTTP fallback for diagnosis and a fast heartbeat.
-
robots.txtSnapshot of crawler directives, with alerts on accidental disallow-all. -
sitemap.xmlPresence and well-formed XML root, against the sitemaps.org structure. -
security.txtRFC 9116 disclosure metadata — contact field and expiry status.
Registry expiry, registrar transfer lock, registrar identity and lifecycle states such as redemption or pending delete, using RDAP where available.
RPKI route-origin validation for the networks serving your domain — the routing-layer companion to DNSSEC — read from public data, with the recommended action pointed at your hosting provider.
Records don’t fail in isolation
Some of the most disruptive failures do not live in a single record. They appear in the relationship between controls: a mail server that is expected by policy but not actually reachable over TLS, a DMARC policy that looks ready to enforce while legitimate senders still fail alignment, or a DNS change that is harmless on its own but weakens the baseline you previously accepted.
Merula reads related records together, not only one by one, and highlights tensions where one control affects another — with the same explanation as everything else: what it found, why it matters and where to look next.
Clear signals for existing workflows
Domain posture changes should not disappear inside another tool. Merula turns continuous checks into clear findings, calm alerts and structured signals that can reach the people and systems already responsible for operations, security and continuity.
When a configuration drifts, a certificate approaches expiry, an email-authentication policy weakens or a domain enters a risky lifecycle state, Merula explains what changed, why it matters and what to do next — and routes the signal where it is needed.
Critical changes are routed immediately when detected, rather than held back for a digest; everything quieter is gathered into a single digest on the rhythm you choose — daily or weekly — so the urgent is not buried and the routine does not flood your inbox. Signals arrive by email, or as a webhook into Slack, Microsoft Teams or your own systems. Alert fatigue is treated as a product failure, not your problem to manage.
Your DMARC policy is set to p=none.
That means failed authentication is reported but not actively
enforced. We recommend moving toward
quarantine once your legitimate senders
are aligned and your aggregate reports show stable results.
Built to reduce dashboard dependency
Merula is designed to reduce dashboard dependency, not add to it.
Use the dashboard for setup, context and history — add domains, review timelines, accept expected changes, export reports, look up a finding when you need the detail behind it.
In day-to-day operations, Merula watches continuously and sends clear signals to the people and workflows that already handle operational work. Once configured, it runs quietly in the background — the signal arrives where you already are.
Monitor the configuration you expect
A domain can be correctly configured today and drift tomorrow — and not every change is a problem. A planned DNS move or a new mail provider is expected; a silent weakening of your DMARC policy is not.
So Merula watches the configuration you expect, not only the one you have right now. When something changes, you decide: accept it as the new normal — and it settles back to healthy until it changes again — or leave it open as a finding to act on. Merula remembers the difference, which is what separates it from a one-off checker.
Every check, change and decision is kept in a per-domain timeline: what changed, when, the previous value, and whether it was accepted. That makes incidents easier to investigate, remediation easier to confirm, and your baseline consistent over time.
Linked to relevant standards and frameworks
Every control is linked to the technical standards, security frameworks and guidance themes it can reasonably support — so your posture data can speak the same language as security reviews, procurement questions, audit preparation and cyber hygiene programmes.
These are technical relevance mappings. They explain where Merula's findings can provide supporting evidence; they are not certifications, legal opinions or claims of full regulatory compliance.
Why continuous, and not a one-off check
ENISA's Threat Landscape 2025 analysed around 4,875 incidents across the EU over the year to June 2025. The pattern it describes is less about single dramatic breaches and more about continuous, overlapping campaigns that wear resilience down over time.
That reinforces what Merula is built around: continuous hygiene matters more than a point-in-time check. Merula applies it to the public domain layer — DNS, TLS, email authentication, transport security, web headers, availability and domain lifecycle — the configuration that affects trust, deliverability and continuity, that changes quietly, and that Merula keeps a history of.
Further reading: ENISA Threat Landscape 2025 ↗
Built for European businesses that depend on their domains
Merula is designed for small and medium-sized European businesses, agencies and service providers that need practical visibility into the domains they depend on.
Domain posture changes quietly: DNS records drift, certificates expire, email policies weaken and web-facing configuration evolves over time. Merula keeps that public layer visible, understandable and easier to act on.
ENISA's SME cybersecurity report notes that, as businesses and technology change, efforts to manage cybersecurity should be “continuous and consistent”.
Merula applies that to the public posture of your domains — DNS, email authentication, transport security, certificates and web-facing configuration. It watches continuously, keeps history and sends clear signals when something changes.
Further reading: Read the ENISA SME report ↗