
🌐 Domain Discovery MVP - The 20-Second Hook

Scope: MVP - Day 1 Feature
Priority: Critical for user acquisition
Time to Value: 20 seconds

Overview

Domain Discovery is GetCimple's instant value demonstration - showing prospects their public security posture in under 20 seconds without signup.

The Hook That Converts

User Flow

1. Landing page: "See your security posture in 20 seconds"
2. Enter domain: example.com.au
3. Instant results:
   - DNS security (SPF, DMARC, DKIM)
   - SSL certificate status
   - Public breach history
   - Open ports (basic scan)
4. Call to action: "See what the board sees → Free trial"

MVP Implementation

Technical Flow

# Simplified discovery process
def discover_domain(domain):
    results = {
        "dns_security": check_dns_records(domain),
        "ssl_status": check_ssl_cert(domain),
        "breach_history": check_hibp_api(domain),
        "security_headers": check_headers(domain)
    }

    return generate_instant_report(results)

Data Sources (MVP)

1. DNS Records (via DNS lookup)
   - SPF record presence and validity
   - DMARC policy and enforcement
   - DKIM selector hints
   - MX record security
2. SSL/TLS Analysis
   - Certificate validity
   - Expiration warnings
   - Protocol versions
   - Known vulnerabilities
3. Public Breach Data
   - Have I Been Pwned API
   - Public breach databases
   - Aggregated statistics only
4. Security Headers
   - CSP presence
   - HSTS configuration
   - X-Frame-Options
   - Basic security hygiene
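
The SPF "presence and validity" and DMARC "policy and enforcement" checks listed above, as an added example (not GetCimple's own code). It classifies TXT strings that have already been fetched into the findings buckets of the API response shown later on this page; the function names, the `dmarc_policy` type name and the `medium` severity are assumptions.

```python
def parse_tags(record):
    """Parse 'k=v; k=v' into a dict with lowercase keys and values."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def check_spf(root_txt):
    """Return (bucket, message) for the TXT strings at the domain apex."""
    spf = [r for r in root_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "warnings", "No SPF record detected"
    if len(spf) > 1:  # RFC 7208: more than one record is a permanent error
        return "warnings", "Multiple SPF records published"
    terms = [t.lower() for t in spf[0].split()[1:]]
    if "+all" in terms or "all" in terms:  # a bare 'all' defaults to '+'
        return "warnings", "SPF record authorises every sender (+all)"
    if not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
        return "warnings", "SPF record has no restrictive 'all' or redirect"
    return "good_practices", "Valid SPF record configured"

def check_dmarc(dmarc_txt):
    """Return (bucket, message) for the TXT strings at _dmarc.<domain>."""
    recs = [r for r in dmarc_txt if parse_tags(r).get("v") == "dmarc1"]
    if not recs:
        return "warnings", "No DMARC policy detected"
    if len(recs) > 1:  # RFC 7489: multiple records mean no policy is applied
        return "warnings", "Multiple DMARC records published"
    tags = parse_tags(recs[0])
    policy, pct = tags.get("p"), tags.get("pct", "100")
    if policy not in ("quarantine", "reject"):
        return "warnings", f"DMARC policy not enforced (p={policy or 'missing'})"
    if pct != "100":
        return "warnings", f"DMARC p={policy} applies to only {pct}% of mail"
    return "good_practices", f"DMARC enforced (p={policy})"

def evaluate_email_auth(root_txt, dmarc_txt):
    """Build the 'findings' buckets used in the page's API response."""
    findings = {"warnings": [], "good_practices": []}
    checks = (("spf_record", check_spf(root_txt)),
              ("dmarc_policy", check_dmarc(dmarc_txt)))  # type name assumed
    for ftype, (bucket, message) in checks:
        item = {"type": ftype, "message": message}
        if bucket == "warnings":
            item["severity"] = "medium"  # severity value is an assumption
        findings[bucket].append(item)
    return findings

# Constructed sample TXT strings, not real lookups.
SAMPLE = evaluate_email_auth(
    ["v=spf1 include:_spf.example.net -all", "site-verification=abc123"],
    ["v=DMARC1; p=none; rua=mailto:dmarc@example.com.au"])
```

A published DMARC record with `p=none` still lands in `warnings`: the record exists, but receivers are not asked to quarantine or reject failing mail.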

Instant Report Format

# Security Snapshot for example.com.au

## ⚠️ Immediate Concerns (2)

- SSL certificate expires in 12 days
- No DMARC policy detected

## ✅ Good Security Practices (3)

- Valid SPF record
- HSTS enabled
- No public breaches found

## 📑 Framework Alignment

- Essential Eight: Partial (3/8 visible)
- ACSC Guidelines: Basic compliance visible

Board-ready report available with full assessment →

Conversion Psychology

  1. Instant Gratification: Results in seconds, not hours
  2. Tangible Value: Real security insights immediately
  3. Fear + Solution: Show problems, offer fix
  4. Social Proof: "Join 200+ Australian companies"

Technical Architecture

API Design

// Public endpoint (no auth required)
POST /api/public/discover
{
  "domain": "example.com.au"
}

// Response
{
  "domain": "example.com.au",
  "timestamp": "2024-01-20T10:00:00Z",
  "findings": {
    "critical": [],
    "warnings": [
      {
        "type": "ssl_expiry",
        "message": "SSL certificate expires in 12 days",
        "severity": "medium"
      }
    ],
    "good_practices": [
      {
        "type": "spf_record",
        "message": "Valid SPF record configured"
      }
    ]
  },
  "score": 72,
  "report_id": "temp_123", // For conversion tracking
  "next_steps": {
    "cta": "Get your board-ready report",
    "trial_url": "/signup?report=temp_123"
  }
}

Performance Requirements

  • Response Time: <3 seconds for initial results
  • Progressive Loading: Show results as available
  • Caching: 24-hour cache for repeated lookups
  • Rate Limiting: 10 requests per IP per hour
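
One way to combine the 24-hour cache and the 10-requests-per-IP-per-hour limit on the unauthenticated endpoint, as an added example (not GetCimple's own code). The `DiscoveryGate` class, its in-memory storage and the injected `scan` callable are assumptions; the limits are the ones listed above.

```python
import time
from collections import defaultdict, deque

RATE_LIMIT = 10            # requests per IP ...
WINDOW = 3600              # ... per hour
CACHE_TTL = 24 * 3600      # 24-hour cache for repeated lookups

class DiscoveryGate:
    """Sliding-window limiter plus result cache in front of the scanner."""

    def __init__(self, scan, clock=time.monotonic):
        self.scan = scan                  # callable(domain) -> report
        self.clock = clock                # injectable for testing
        self.hits = defaultdict(deque)    # ip -> request timestamps
        self.cache = {}                   # domain -> (expires_at, report)

    def allow(self, ip):
        now = self.clock()
        window = self.hits[ip]
        while window and now - window[0] >= WINDOW:
            window.popleft()              # drop requests older than an hour
        if len(window) >= RATE_LIMIT:
            return False
        window.append(now)
        return True

    def discover(self, ip, domain):
        # Every request counts against the limit, cached or not.
        if not self.allow(ip):
            return 429, None
        # Normalise the key so case or a trailing dot cannot bypass the
        # cache and force a fresh outbound scan of the same domain.
        key = domain.strip().lower().rstrip(".")
        now = self.clock()
        entry = self.cache.get(key)
        if entry and entry[0] > now:
            return 200, entry[1]
        report = self.scan(key)
        self.cache[key] = (now + CACHE_TTL, report)
        return 200, report
```

The cache bounds how often any one domain is scanned regardless of how many client IPs ask for it, which the per-IP limit alone does not.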

Implementation Checklist

  • DNS lookup service integration
  • SSL checker implementation
  • HIBP API integration
  • Security header scanner
  • Report generator
  • Landing page UI
  • Results visualization
  • CTA optimization
  • Analytics tracking
  • Rate limiting

Conversion Funnel

Landing Page Visit
    ↓ (40% try discovery)
Domain Entry
    ↓ (95% see results)
View Results
    ↓ (25% click CTA)
Signup Page
    ↓ (60% complete signup)
Trial Started

A/B Testing Variants

1. Headlines
   - "See your security posture in 20 seconds"
   - "What does the board see about your security?"
   - "Free security assessment - No signup required"
2. CTAs
   - "Get full board report"
   - "See complete assessment"
   - "Start securing now"

Value Proposition

For Prospects

  • Instant value without commitment
  • Genuine security insights
  • Understanding of what GetCimple offers
  • Smooth path to trial

For GetCimple

  • Lead generation with context
  • Demonstrate expertise
  • Qualify prospects (domain = company)
  • Data for sales follow-up

Post-MVP Enhancements

Phase 2: Deeper Insights

  • Subdomain enumeration
  • Technology stack detection
  • Employee LinkedIn analysis
  • Public repository scanning

Phase 3: Competitive Intelligence

  • Industry peer comparison
  • Maturity benchmarking
  • Trending security issues
  • Predictive risk scoring

Success Metrics

  • Engagement Rate: % who enter domain
  • Completion Rate: % who view full results
  • Conversion Rate: % who start trial
  • Time to Convert: Discovery → Trial
  • Report Shares: Viral coefficient

Implementation Timeline

  • Week 1: Core discovery services
  • Week 2: Report generation and UI
  • Week 3: Landing page and funnel
  • Week 4: Analytics and optimization

Security & Privacy

  • Only public data sources
  • No intrusive scanning
  • Clear privacy policy
  • No data storage without signup
  • Rate limiting to prevent abuse

Related Documents: