Last scanned 4h ago · Mar 30, 2026, 09:22 PM
Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
View report →Suspicious emails are sent to spam, but not fully blocked yet. Your emails should reach inboxes reliably. Emails in transit can be intercepted — no transport encryption enforced.
View report →Good foundation — MTA-STS, TLS-RPT, BIMI not configured.
View report →oc-wh.org has a good email security foundation with a grade of B. 3 protocols fully configured. Missing: MTA-STS, TLS-RPT, BIMI. Addressing remaining gaps would significantly strengthen protection against spoofing.
View report →oc-wh.org has a good email security foundation with a grade of B. 3 protocols fully configured. Missing: MTA-STS, TLS-RPT, BIMI. Addressing remaining gaps would significantly strengthen protection against spoofing.
View report →oc-wh.org has a good email security foundation with a grade of B. 3 protocols fully configured. Missing: MTA-STS, TLS-RPT, BIMI. Addressing remaining gaps would significantly strengthen protection against spoofing.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →oc-wh.org has partial email authentication (grade C). Only 3 of 6 protocols are properly configured. MTA-STS, TLS-RPT, BIMI are not configured, leaving the domain vulnerable to spoofing and phishing. Immediate action is recommended.
View report →Detected Record
v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:reports@authex.online; ruf=mailto:reports@authex.online
Policy
quarantine
Aggregate Reporting
mailto:reports@authex.online
Forensic Reporting
mailto:reports@authex.online
Subdomain Policy
quarantine
DKIM Alignment
relaxed
SPF Alignment
relaxed
Consider escalating to p=reject once compliance is consistently above 98%.
Detected Record
v=spf1 include:spf.protection.outlook.com ~all
All Mechanism
~all (soft fail)
DNS Lookups
2/10
Record Length
46 bytes
Consider tightening to -all for stricter enforcement alongside your DMARC policy.
Detected Record
selector1._domainkey: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD12byf2ct4ksWGzqtffjunnL6o9pRXpx0DAjNWBEUsbzYrdUHD3ZLKQ9mNjrutRNgQ0xOjLzBU8SSXJvGwgRQ3AYExMr5Kqgslfh8Wg6cRGGwQrsofUFp27GtRin4f3SJrNMTCySNuMMXUw0... s1._domainkey: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq97kwEweQdjh848wud2CCvWFfDdPwrc0E09NdkLzcD8dQt/+4TJ2FoZQO5P71HoSkoHekTUgq63ybguB+f4w2OdgvBScwoOAtM1BuXoy0d9VxcQlmbqts6aoIx/TdMKEUYxMcEmw9SatP... s2._domainkey: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+AUaPGxDsIZRVY4JUun95298WS4HiPpXd7z7tTimBbw5O8wCP5MIgbfBo3m2hKfMITt61pl3h5O7MJ1aZls8PfcocOI2E1IfMphojtsaUvBDirjx3Q8SkSgMVY6w9Jei1vXIvuaJCYPYH4A8dao...
Selectors
selector1, s1, s2
Key Length
2048+ bit
Algorithm
rsa-sha256
Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.