Domain Governance Reflection Resource

Public-Signal Review Sheet

Use this sheet to record what can be observed from outside the organisation and what needs internal confirmation. A visible signal is evidence for a conversation, not proof of governance quality.

Domain set
Reviewed by
Date checked
Evidence source(s)

Public-signal observations

Separate the observation from interpretation. Preserve uncertainty where the signal does not tell the full story.

Domain Signal reviewed Observation Evidence source / date What this may suggest What this does not prove Owner to confirm Action required
NameserversProvider choice alone does not prove control quality.
MX recordsMX does not prove all authorised sending sources.
SPFSPF presence does not prove review or least privilege.
DKIMMissing discovered selectors may reflect selector uncertainty.
DMARCA policy value does not prove reporting is reviewed.
RDAP / registrarPublic registration data does not identify internal accountability.
DNSSECPresence or absence does not describe broader DNS governance.
Certificate transparencyCertificate issuance does not prove service ownership.
Other public dependencyA third-party signal needs internal supplier context.

Interpretation boundary

Observations that need internal confirmation
Potential governance conversations
Signals not reviewed in this pass
Visible signals should not be over-interpreted. They make the domain layer discussable; they do not replace internal governance evidence.