facebook.com

Last scanned 2h ago · Mar 30, 2026, 10:53 PM

Scan AgainExport PDF
B71/100

Good progress. SPF and DKIM are in place. DKIM needs attention to complete your protection.

DMARC Policy: reject1 scan total

Protocol Status

DMARC
32/35
Enforced
SPF
17/25
Configured
DKIM
10/20
Key Revoked
MTA-STS
7/10
Testing Mode
TLS-RPT
5/5
Configured
BIMI
0/5
Not Found

Score History

B71/100

First scan · Mar 30, 2026, 10:53 PM

Latest Scan Details

DMARCEnforced
32/35RFC RFC 7489

Detected Record

v=DMARC1; p=reject; rua=mailto:a@dmarc.facebookmail.com; ruf=mailto:fb-dmarc@datafeeds.phishlabs.com; pct=100

Policy

reject

Percentage

100%

Aggregate Reporting

mailto:a@dmarc.facebookmail.com

Forensic Reporting

mailto:fb-dmarc@datafeeds.phishlabs.com

DKIM Alignment

relaxed

SPF Alignment

relaxed

SPFConfigured
17/25RFC RFC 7208

Detected Record

v=spf1 redirect=_spf.facebook.com

All Mechanism

not specified

DNS Lookups

1/10

Record Length

33 bytes

DKIMKey Revoked
10/20RFC RFC 6376

Detected Record

default._domainkey:
t=y; k=rsa; p=;

Selector

default

Algorithm

rsa-sha256

Status

REVOKED (empty p= tag)

The DKIM key is revoked (empty p= tag). Publish a new key for this selector.

MTA-STSTesting Mode
7/10RFC RFC 8461

Detected Record

v=STSv1; id=20191202T113700;

Policy ID

20191202T113700

Policy File

accessible

Mode

testing

Max Age

86400s (below recommended 7d)

MX Match

policy MX matches actual MX

Switch MTA-STS policy from testing to enforce once you have verified TLS works for all senders.

TLS-RPTConfigured
5/5RFC RFC 8460

Detected Record

v=TLSRPTv1;rua=mailto:sts-reports@facebookmail.com

Report URI

mailto:sts-reports@facebookmail.com

BIMINot Found
0/5RFC RFC 9495

Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.