office.com

Last scanned 2h ago · Mar 30, 2026, 10:53 PM

Scan Again Export PDF

D36/100

Only DMARC is configured. Your domain needs SPF, DKIM, and DMARC working together to prevent spoofing.

DMARC Policy: quarantine1 scan total

Protocol Status

DMARC

29/35

Quarantine

SPF

0/25

Not Found

DKIM

0/20

Not Detected

MTA-STS

7/10

Testing Mode

TLS-RPT

0/5

Not Configured

BIMI

0/5

Not Found

Score History

D36/100

First scan · Mar 30, 2026, 10:53 PM

Latest Scan Details

DMARCQuarantine

29/35RFC RFC 7489

Detected Record

v=DMARC1; p=quarantine; pct=100; rua=mailto:rua@dmarc.microsoft; ruf=mailto:ruf@dmarc.microsoft; fo=1

Policy

quarantine

Percentage

100%

Aggregate Reporting

mailto:rua@dmarc.microsoft

Forensic Reporting

mailto:ruf@dmarc.microsoft

DKIM Alignment

relaxed

SPF Alignment

relaxed

Consider escalating to p=reject once compliance is consistently above 98%.

SPFNot Found

0/25RFC RFC 7208

Publish an SPF record listing your authorized email senders (e.g. v=spf1 include:_spf.google.com ~all).

DKIMNot Detected

0/20RFC RFC 6376

Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.

MTA-STSTesting Mode

7/10RFC RFC 8461

Detected Record

v=STSv1; id=20180321T030303;

Policy ID

20180321T030303

Policy File

accessible

Mode

testing

Max Age

604800s (7d)

MX Match

policy MX does not match actual MX

Switch MTA-STS policy from testing to enforce once you have verified TLS works for all senders.

TLS-RPTNot Configured

0/5RFC RFC 8460

Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.

BIMINot Found

0/5RFC RFC 9495

Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.