authex
Domain Security Report

twitter.com

B72 / 100
Scan Date
Monday, March 30, 2026
Report ID
27C9AB93
“Over 90% of cyber attacks begin with email. Authentication is not optional anymore, it is your first line of defense.”
Hemanth Vishnu Akula
Founder & CEO, Authex
Section 01

Executive Summary

Your domain is well protected. SPF, DKIM, and DMARC are configured and enforcing. unauthorized emails are rejected.

Protocol Dashboard

ProtocolStatusScore
DMARCEnforced
32 / 35
SPFHard Fail (-all)
23 / 25
DKIM3 keys found
17 / 20
MTA-STSNot Configured
0 / 10
TLS-RPTNot Configured
0 / 5
BIMINot Found
0 / 5

Top Priority Actions

  1. MTA-STS: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
  2. TLS-RPT: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
  3. BIMI: Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
Section 02

Compliance Readiness

Assessment of twitter.com against major email security compliance frameworks.

FrameworkReferenceRequirementsStatus
PCI DSS 4.0Req 5.4.1DMARC + SPF + DKIMCompliant
Google / Yahoo Bulk Sender2024 RequirementsDMARC + SPF + DKIMCompliant
NIST SP 800-177Rev. 1SPF + DKIM + DMARCCompliant
CISA BOD 18-01Binding Operational DirectiveDMARC (p=reject)Compliant
Cyber EssentialsUK NCSCDMARC + SPFCompliant
Section 03

DMARC. Domain-based Message Authentication, Reporting & Conformance

EnforcedRFC 7489
32 / 35

DMARC policy is set to reject, providing maximum protection against spoofing.

Configuration Details

Policyreject
Aggregate Reportingmailto:d3omt-8484@rua.dmarc.emailanalyst.com
Forensic Reportingmailto:d3omt-8484@ruf.dmarc.emailanalyst.com
DKIM Alignmentrelaxed
SPF Alignmentrelaxed

DNS Record

v=DMARC1; p=reject; rua=mailto:d3omt-8484@rua.dmarc.emailanalyst.com; ruf=mailto:d3omt-8484@ruf.dmarc.emailanalyst.com; fo=1
Section 04

SPF. Sender Policy Framework

Hard Fail (-all)RFC 7208
23 / 25

SPF record found with 3 DNS lookups and -all.

Configuration Details

All Mechanism-all (hard fail)
DNS Lookups3/10
Record Length184 bytes

DNS Record

v=spf1 ip4:199.16.156.0/22 ip4:199.59.148.0/22 ip4:8.25.194.0/23 ip4:8.25.196.0/23 ip4:204.92.114.203 ip4:204.92.114.204/31 include:_spf.google.com include:_thirdparty.twitter.com -all
Section 05

DKIM. DomainKeys Identified Mail

3 keys foundRFC 6376
17 / 20

3 DKIM keys found (google, dkim, mandrill).

Configuration Details

Selectorsgoogle, dkim, mandrill
Key Length~1024 bit
Algorithmrsa-sha256

DNS Record

google._domainkey: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwueoBabHD4VkjdWcXjUSvf7cnFdugQOrXKP+LJJOs/RY+GoylnCpc8ZNFxwEiUvTiQnk0nzMk/lpCQIuzHCrwZ5Kdx6ncxfPtQ7tfX88Uj6AcXZ3EWPpAAajsCDuHPF1zpYbFJDhjYq4NYf... dkim._domainkey: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrZ6zwKHLkoNpHNyPGwGd8wZoNZOk5buOf8wJwfkSZsNllZs4jTNFQLy6v4Ok9qd46NdeRZWnTAY+lmAAV1nfH6ulBjiRHsdymijqKy/VMZ9Njjdy/+FPnJSm3+tG9Id7zgLxacA1Yis/18V3TCfvJr... mandrill._domainkey: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y...
Recommendation: Upgrade DKIM key to 2048-bit for stronger cryptographic security.
Section 06

Transport Security

Transport-layer email security protocols that protect messages in transit between mail servers.

MTA-STS Mail Transfer Agent Strict Transport Security

Not ConfiguredRFC 8461
0 / 10

No MTA-STS record found for twitter.com. Inbound SMTP connections are vulnerable to TLS downgrade attacks.

Recommendation: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

TLS-RPT TLS Reporting

Not ConfiguredRFC 8460
0 / 5

No TLS-RPT record found for twitter.com. TLS delivery failures are invisible.

Recommendation: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.

BIMI Brand Indicators for Message Identification

Not FoundRFC 9495
0 / 5

No BIMI record found for twitter.com. Brand logo will not appear in supporting email clients.

Recommendation: Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
Section 07

Remediation Plan

Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.

#ProtocolFindingSeverityFix
1MTA-STSNot ConfiguredHighPublish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
2TLS-RPTNot ConfiguredHighPublish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
3BIMINot FoundHighPublish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
4DKIM3 keys foundLowUpgrade DKIM key to 2048-bit for stronger cryptographic security.
Need help fixing these?

Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.

Section 08

Scoring Methodology

Protocol Weights

ProtocolMax PointsWeight
DMARC3535%
SPF2525%
DKIM2020%
MTA-STS1010%
TLS-RPT55%
BIMI55%

Grade Scale

GradeScore Range
A+95 - 100
A85 - 94
B70 - 84
C50 - 69
D30 - 49
F0 - 29
authex
Generated by Authex. authex.online
Mon, 30 Mar 2026 22:53:53 GMT