amazonaws.com

Last scanned 2h ago · Mar 30, 2026, 10:53 PM

Scan AgainExport PDF
D48/100

Good progress. SPF and DKIM are in place. DKIM needs attention to complete your protection.

DMARC Policy: quarantine1 scan total

Protocol Status

DMARC
27/35
Quarantine
SPF
21/25
Soft Fail (~all)
DKIM
0/20
Not Detected
MTA-STS
0/10
Not Configured
TLS-RPT
0/5
Not Configured
BIMI
0/5
Not Found

Score History

D48/100

First scan · Mar 30, 2026, 10:53 PM

Latest Scan Details

DMARCQuarantine
27/35RFC RFC 7489

Detected Record

v=DMARC1; p=quarantine; sp=none; pct=100; rua=mailto:aws-marketing-email-dmarc-rua-reports@dmarc.amazonaws.com; ruf=mailto:aws-marketing-email-dmarc-ruf-reports@dmarc.amazonaws.com

Policy

quarantine

Percentage

100%

Aggregate Reporting

mailto:aws-marketing-email-dmarc-rua-reports@dmarc.amazonaws.com

Forensic Reporting

mailto:aws-marketing-email-dmarc-ruf-reports@dmarc.amazonaws.com

Subdomain Policy

none

DKIM Alignment

relaxed

SPF Alignment

relaxed

Consider escalating to p=reject once compliance is consistently above 98%.

SPFSoft Fail (~all)
21/25RFC RFC 7208

Detected Record

v=spf1 include:amazon.com ~all

All Mechanism

~all (soft fail)

DNS Lookups

2/10

Record Length

30 bytes

Consider tightening to -all for stricter enforcement alongside your DMARC policy.

DKIMNot Detected
0/20RFC RFC 6376

Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.

MTA-STSNot Configured
0/10RFC RFC 8461

Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

TLS-RPTNot Configured
0/5RFC RFC 8460

Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.

BIMINot Found
0/5RFC RFC 9495

Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.