Email Security
Score
85/100
SPF
Present
DKIM
Key present
DMARC
REJECT
Findings
15
Security Findings
SPF 5
include: invalid domain
validity / warning / RFC 7208 4.6
include: invalid domain
validity / warning / RFC 7208 4.6
include: invalid domain
validity / warning / RFC 7208 4.6
SPF uses soft fail (~all)
security_posture / warning / RFC 7208 5.1
SPF TXT record exceeds recommended DNS length
operational_recommendation / warning / RFC 7208 3.4
DKIM 2
DKIM key is 1024-bit (allowed but deprecated)
security_posture / warning / RFC 6376 3.6.1
DKIM key is 1024-bit (allowed but deprecated)
security_posture / warning / RFC 6376 3.6.1
DMARC 5
No explicit subdomain policy defined (sp tag missing)
operational_recommendation / warning / RFC 9989 4
External DMARC reporting to ag.dmarcian.com is not authorized
operational_recommendation / warning / RFC 9989 7
External DMARC reporting to emaildefense.proofpoint.com is not authorized
operational_recommendation / warning / RFC 9989 7
External DMARC failure reporting to fr.dmarcian.com is not authorized
operational_recommendation / warning / RFC 9989 7
External DMARC failure reporting to emaildefense.proofpoint.com is not authorized
operational_recommendation / warning / RFC 9989 7
MTA-STS 0
No MTA-STS policy issues detected
TLS-RPT 0
No TLS-RPT policy issues detected
STARTTLS 3
SMTP STARTTLS requires a live SMTP session against each MX host and is not tested in this DNS-only lookup.
unsupported_test / info / RFC 3207 4
MTA-STS is not configured; STARTTLS remains opportunistic unless enforced by another mechanism such as DANE.
operational_recommendation / info / RFC 3207 6
TLS-RPT is not configured, so delivery TLS failures may not be reported back to the domain owner.
operational_recommendation / info / RFC 8460 1
BIMI 0
No BIMI policy issues detected
Improvement Opportunities
+5 points
Change SPF policy from ~all to -all
+10 points
Upgrade 2 DKIM key(s) to 2048-bit
Score Calculation
| Component | Score | Reason |
|---|---|---|
| SPF Record | 10 / 10 | SPF record detected |
| SPF Enforcement | 15 / 20 | Soft fail policy (~all) |
| SPF Lookup Health | 10 / 10 | 5 DNS lookups |
| SPF PTR Usage | 5 / 5 | No PTR mechanism detected |
| SPF Include Validation | 5 / 5 | All SPF includes resolved |
| DKIM | 15 / 25 | 6 valid selector(s) |
| DMARC Record | 10 / 10 | DMARC record detected |
| DMARC Enforcement | 20 / 20 | Policy set to reject |
| Total | 85 / 100 |