Email Security

SPF, DKIM, DMARC, BIMI and email authentication analysis
Score
55/100
SPF
Valid
DKIM
Missing
DMARC
NONE
Findings
9

Email Health

SPF
Valid
DKIM
Missing
DMARC
NONE
BIMI
Not configured
MTA-STS
Missing
STARTTLS
Not tested
TLS-RPT
Missing
Findings
9

Security Findings

SPF 1

SPF uses soft fail (~all)
security_posture / warning / RFC 7208 5.1

DKIM 1

No DKIM selectors detected
warning

DMARC 4

Historic DMARC pct tag detected (RFC 7489; ignored by RFC 9989)
informational / info / RFC 9989 4
DMARC depends entirely on SPF alignment
security_posture / warning / RFC 9989 4
External DMARC reporting to soundest.email is not authorized
operational_recommendation / warning / RFC 9989 7
External DMARC failure reporting to soundest.email is not authorized
operational_recommendation / warning / RFC 9989 7

MTA-STS 0

No MTA-STS policy issues detected

TLS-RPT 0

No TLS-RPT policy issues detected

STARTTLS 3

SMTP STARTTLS requires a live SMTP session against each MX host and is not tested in this DNS-only lookup.
unsupported_test / info / RFC 3207 4
MTA-STS is not configured; STARTTLS remains opportunistic unless enforced by another mechanism such as DANE.
operational_recommendation / info / RFC 3207 6
TLS-RPT is not configured, so delivery TLS failures may not be reported back to the domain owner.
operational_recommendation / info / RFC 8460 1

BIMI 0

BIMI is not configured (optional)

Improvement Opportunities

+5 points Change SPF policy from ~all to -all
+25 points Configure DKIM signing
+15 points Enable DMARC enforcement (p=reject)

Score Calculation

Component Score Reason
SPF Record 10 / 10 SPF record detected
SPF Enforcement 15 / 20 Soft fail policy (~all)
SPF Lookup Health 10 / 10 3 DNS lookups
SPF PTR Usage 5 / 5 No PTR mechanism detected
SPF Include Validation 5 / 5 All SPF includes resolved
DKIM 0 / 25 No valid DKIM selectors detected
DMARC Record 10 / 10 DMARC record detected
DMARC Enforcement 5 / 20 Policy set to none
Total 55 / 100