google.com

Last scanned 2h ago · Mar 30, 2026, 10:53 PM

Scan AgainExport PDF
C65/100

Good progress. SPF and DKIM are in place. DKIM needs attention to complete your protection.

DMARC Policy: reject1 scan total

Protocol Status

DMARC
30/35
Enforced
SPF
21/25
Soft Fail (~all)
DKIM
0/20
Not Detected
MTA-STS
9/10
Enforced
TLS-RPT
5/5
Configured
BIMI
0/5
Not Found

Score History

C65/100

First scan · Mar 30, 2026, 10:53 PM

Latest Scan Details

DMARCEnforced
30/35RFC RFC 7489

Detected Record

v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com

Policy

reject

Aggregate Reporting

mailto:mailauth-reports@google.com

DKIM Alignment

relaxed

SPF Alignment

relaxed

SPFSoft Fail (~all)
21/25RFC RFC 7208

Detected Record

v=spf1 include:_spf.google.com ~all

All Mechanism

~all (soft fail)

DNS Lookups

2/10

Record Length

35 bytes

Consider tightening to -all for stricter enforcement alongside your DMARC policy.

DKIMNot Detected
0/20RFC RFC 6376

Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.

MTA-STSEnforced
9/10RFC RFC 8461

Detected Record

v=STSv1; id=20210803T010101;

Policy ID

20210803T010101

Policy File

accessible

Mode

enforce

Max Age

86400s (below recommended 7d)

MX Match

policy MX matches actual MX

Increase max_age to at least 604800 (7 days) for stable caching.

TLS-RPTConfigured
5/5RFC RFC 8460

Detected Record

v=TLSRPTv1;rua=mailto:sts-reports@google.com

Report URI

mailto:sts-reports@google.com

BIMINot Found
0/5RFC RFC 9495

Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.