Email Security

SPF, DKIM, DMARC, BIMI and email authentication analysis
Score
70/100
SPF
Present
DKIM
Key present
DMARC
QUARANTINE
Findings
9

BIMI

Status: DNS policy eligible
DMARC Policy
QUARANTINE
Enforcement
100%
Evidence Document
Declared, not fetched
Record
v=BIMI1; l=https://vmc.digicert.com/355e2008-ba38-4346-a942-70477aedc4c1.svg; a=https://vmc.digicert.com/355e2008-ba38-4346-a942-70477aedc4c1.pem
BIMI certificate declared but not cryptographically verified
Eligibility reflects declared BIMI DNS data and local DMARC policy posture. Logo assets and evidence documents are not fetched or cryptographically verified in this DNS-only check. Final logo display remains mailbox-provider dependent.

BIMI lets a domain declare a brand-logo location for supported inboxes, but this lookup only checks the DNS record and DMARC posture. It does not fetch the logo, verify evidence documents, or prove mailbox-provider display.

SMTP STARTTLS

Status: Not tested
MX Host
0 · ubt-com.mail.protection.outlook.com
MTA-STS
Not configured
TLS-RPT
Not configured

STARTTLS is negotiated during a live SMTP session after EHLO. This DNS-only lookup does not connect to MX hosts, complete a TLS handshake, or validate SMTP certificates. MTA-STS and TLS-RPT can improve transport policy and reporting, but they do not prove that a specific MX currently accepts STARTTLS.

MTA-STS

No MTA-STS record detected

MTA-STS publishes a HTTPS policy for mail delivery TLS expectations. This lookup checks the DNS record and policy file, but it does not perform a live SMTP delivery or prove that every MX currently negotiates TLS.

TLS-RPT

No TLS-RPT record detected

TLS-RPT publishes where mail systems can report TLS delivery problems. It is a reporting record, not a live SMTP TLS or certificate validation result.