authex
Domain Security Report

hemanthvishnu.com

C64 / 100
Scan Date
Monday, March 30, 2026
Report ID
0F22A3E3
“Over 90% of cyber attacks begin with email. Authentication is not optional anymore, it is your first line of defense.”
Hemanth Vishnu Akula
Founder & CEO, Authex
Section 01

Executive Summary

Good progress. SPF and DKIM are in place. DMARC enforcement needs attention to complete your protection.

Protocol Dashboard

ProtocolStatusScore
DMARCMonitor Only
21 / 35
SPFHard Fail (-all)
23 / 25
DKIM2 keys found
20 / 20
MTA-STSNot Configured
0 / 10
TLS-RPTNot Configured
0 / 5
BIMINot Found
0 / 5

Top Priority Actions

  1. MTA-STS: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
  2. TLS-RPT: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
  3. BIMI: Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
Section 02

Compliance Readiness

Assessment of hemanthvishnu.com against major email security compliance frameworks.

FrameworkReferenceRequirementsStatus
PCI DSS 4.0Req 5.4.1DMARC + SPF + DKIMPartial
Google / Yahoo Bulk Sender2024 RequirementsDMARC + SPF + DKIMPartial
NIST SP 800-177Rev. 1SPF + DKIM + DMARCPartial
CISA BOD 18-01Binding Operational DirectiveDMARC (p=reject)Non-Compliant
Cyber EssentialsUK NCSCDMARC + SPFPartial
Section 03

DMARC. Domain-based Message Authentication, Reporting & Conformance

Monitor OnlyRFC 7489
21 / 35

DMARC policy is set to none (monitor only). Unauthorized emails are still delivered.

Configuration Details

Policynone
Aggregate Reportingmailto:reports@authex.online
Forensic Reportingmailto:reports@authex.online
Subdomain Policynone
DKIM Alignmentrelaxed
SPF Alignmentrelaxed

DNS Record

v=DMARC1; p=none; sp=none; rua=mailto:reports@authex.online; ruf=mailto:reports@authex.online
Recommendation: Progress to p=quarantine and then p=reject once you have identified all legitimate senders via RUA reports.
Section 04

SPF. Sender Policy Framework

Hard Fail (-all)RFC 7208
23 / 25

SPF record found with 2 DNS lookups and -all.

Configuration Details

All Mechanism-all (hard fail)
DNS Lookups2/10
Record Length62 bytes

DNS Record

v=spf1 include:hemanthvishnu-com.spf.nullify-security.com -all
Section 05

DKIM. DomainKeys Identified Mail

2 keys foundRFC 6376
20 / 20

2 DKIM keys found (selector1, selector2).

Configuration Details

Selectorsselector1, selector2
Key Length2048+ bit
Algorithmrsa-sha256

DNS Record

selector1._domainkey: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuw90J1cXjGzu9s9DVVareuSNwi6YRzyhJJJTRxphmxGU4/pfW4ZsaOIEilxUWFCKgfDtB2LSMvd10CStSiELtPr4TRXNIsY68ZHnWs0Jl8aGwhmcln819FCyeDqmZPQfswTWFg+o++... selector2._domainkey: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVI7kfGKFzCHQ/f2oMI22HNzJwbflpPL2PUdpvFKEfYiNra9ie7rLnYO6g80QOzSAYxe6L3v7oL8ml/bMd2aXKl1cD4Q0W+32gjUViJWGvAFXMrIWI4FUjpvxN32YlRd5d/p37seDB...
Section 06

Transport Security

Transport-layer email security protocols that protect messages in transit between mail servers.

MTA-STS Mail Transfer Agent Strict Transport Security

Not ConfiguredRFC 8461
0 / 10

No MTA-STS record found for hemanthvishnu.com. Inbound SMTP connections are vulnerable to TLS downgrade attacks.

Recommendation: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

TLS-RPT TLS Reporting

Not ConfiguredRFC 8460
0 / 5

No TLS-RPT record found for hemanthvishnu.com. TLS delivery failures are invisible.

Recommendation: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.

BIMI Brand Indicators for Message Identification

Not FoundRFC 9495
0 / 5

No BIMI record found for hemanthvishnu.com. Brand logo will not appear in supporting email clients.

Recommendation: Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
Section 07

Remediation Plan

Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.

#ProtocolFindingSeverityFix
1MTA-STSNot ConfiguredHighPublish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
2TLS-RPTNot ConfiguredHighPublish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
3BIMINot FoundHighPublish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
4DMARCMonitor OnlyMediumProgress to p=quarantine and then p=reject once you have identified all legitimate senders via RUA reports.
Need help fixing these?

Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.

Section 08

Scoring Methodology

Protocol Weights

ProtocolMax PointsWeight
DMARC3535%
SPF2525%
DKIM2020%
MTA-STS1010%
TLS-RPT55%
BIMI55%

Grade Scale

GradeScore Range
A+95 - 100
A85 - 94
B70 - 84
C50 - 69
D30 - 49
F0 - 29
authex
Generated by Authex. authex.online
Mon, 30 Mar 2026 22:43:38 GMT