Only DMARC is configured. Your domain needs SPF, DKIM, and DMARC working together to prevent spoofing.
| Protocol | Status | Score |
|---|---|---|
| DMARC | Quarantine | 29 / 35 |
| SPF | Not Found | 0 / 25 |
| DKIM | Not Detected | 0 / 20 |
| MTA-STS | Testing Mode | 7 / 10 |
| TLS-RPT | Not Configured | 0 / 5 |
| BIMI | Not Found | 0 / 5 |
Assessment of office.com against major email security compliance frameworks.
| Framework | Reference | Requirements | Status |
|---|---|---|---|
| PCI DSS 4.0 | Req 5.4.1 | DMARC + SPF + DKIM | Partial |
| Google / Yahoo Bulk Sender | 2024 Requirements | DMARC + SPF + DKIM | Partial |
| NIST SP 800-177 | Rev. 1 | SPF + DKIM + DMARC | Partial |
| CISA BOD 18-01 | Binding Operational Directive | DMARC (p=reject) | Non-Compliant |
| Cyber Essentials | UK NCSC | DMARC + SPF | Partial |
DMARC policy is set to quarantine. Suspicious emails are filtered but not blocked outright.
| Policy | quarantine |
| Percentage | 100% |
| Aggregate Reporting | mailto:rua@dmarc.microsoft |
| Forensic Reporting | mailto:ruf@dmarc.microsoft |
| DKIM Alignment | relaxed |
| SPF Alignment | relaxed |
No SPF record found for office.com. Receiving servers cannot verify authorized senders.
No DKIM record found for common selectors on office.com. DKIM may use a custom selector that could not be auto-detected.
Transport-layer email security protocols that protect messages in transit between mail servers.
MTA-STS DNS record exists for office.com. Policy mode: testing.
| Policy ID | 20180321T030303 |
| Policy File | accessible |
| Mode | testing |
| Max Age | 604800s (7d) |
| MX Match | policy MX does not match actual MX |
No TLS-RPT record found for office.com. TLS delivery failures are invisible.
No BIMI record found for office.com. Brand logo will not appear in supporting email clients.
Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.
| # | Protocol | Finding | Severity | Fix |
|---|---|---|---|---|
| 1 | SPF | Not Found | High | Publish an SPF record listing your authorized email senders (e.g. v=spf1 include:_spf.google.com ~all). |
| 2 | DKIM | Not Detected | High | Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active. |
| 3 | TLS-RPT | Not Configured | High | Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections. |
| 4 | BIMI | Not Found | High | Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100. |
| 5 | MTA-STS | Testing Mode | Medium | Switch MTA-STS policy from testing to enforce once you have verified TLS works for all senders. |
| 6 | DMARC | Quarantine | Low | Consider escalating to p=reject once compliance is consistently above 98%. |
Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.
| Protocol | Max Points | Weight |
|---|---|---|
| DMARC | 35 | 35% |
| SPF | 25 | 25% |
| DKIM | 20 | 20% |
| MTA-STS | 10 | 10% |
| TLS-RPT | 5 | 5% |
| BIMI | 5 | 5% |
| Grade | Score Range |
|---|---|
| A+ | 95 - 100 |
| A | 85 - 94 |
| B | 70 - 84 |
| C | 50 - 69 |
| D | 30 - 49 |
| F | 0 - 29 |