authex

Domain Security Report

gtld-servers.net

Scan Date

Monday, March 30, 2026

Report ID

52D288AC

“Over 90% of cyber attacks begin with email. Authentication is not optional anymore, it is your first line of defense.”

Hemanth Vishnu Akula

Founder & CEO, Authex

Section 01

Executive Summary

Only DMARC is configured. Your domain needs SPF, DKIM, and DMARC working together to prevent spoofing.

Protocol Dashboard

Protocol	Status	Score
DMARC	Enforced	32 / 35
SPF	Not Found	0 / 25
DKIM	Not Detected	0 / 20
MTA-STS	Not Configured	0 / 10
TLS-RPT	Not Configured	0 / 5
BIMI	Not Found	0 / 5

Top Priority Actions

SPF: Publish an SPF record listing your authorized email senders (e.g. v=spf1 include:_spf.google.com ~all).
DKIM: Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.
MTA-STS: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

Section 02

Compliance Readiness

Assessment of gtld-servers.net against major email security compliance frameworks.

Framework	Reference	Requirements	Status
PCI DSS 4.0	Req 5.4.1	DMARC + SPF + DKIM	Partial
Google / Yahoo Bulk Sender	2024 Requirements	DMARC + SPF + DKIM	Partial
NIST SP 800-177	Rev. 1	SPF + DKIM + DMARC	Partial
CISA BOD 18-01	Binding Operational Directive	DMARC (p=reject)	Compliant
Cyber Essentials	UK NCSC	DMARC + SPF	Partial

Section 03

DMARC. Domain-based Message Authentication, Reporting & Conformance

EnforcedRFC 7489

32 / 35

DMARC policy is set to reject, providing maximum protection against spoofing.

Configuration Details

Policy	reject
Aggregate Reporting	mailto:verisign@rua.agari.com,mailto:mailreports@verisign.com
Forensic Reporting	mailto:verisign@ruf.agari.com,mailto:mailauthfail@verisign.com
DKIM Alignment	relaxed
SPF Alignment	relaxed

DNS Record

v=DMARC1; p=reject; fo=1; rf=afrf; ri=86400; rua=mailto:verisign@rua.agari.com,mailto:mailreports@verisign.com; ruf=mailto:verisign@ruf.agari.com,mailto:mailauthfail@verisign.com

Section 04

SPF. Sender Policy Framework

Not FoundRFC 7208

0 / 25

No SPF record found for gtld-servers.net. Receiving servers cannot verify authorized senders.

Recommendation: Publish an SPF record listing your authorized email senders (e.g. v=spf1 include:_spf.google.com ~all).

Section 05

DKIM. DomainKeys Identified Mail

Not DetectedRFC 6376

0 / 20

No DKIM record found for common selectors on gtld-servers.net. DKIM may use a custom selector that could not be auto-detected.

Recommendation: Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.

Section 06

Transport Security

Transport-layer email security protocols that protect messages in transit between mail servers.

MTA-STS — Mail Transfer Agent Strict Transport Security

Not ConfiguredRFC 8461

0 / 10

No MTA-STS record found for gtld-servers.net. Inbound SMTP connections are vulnerable to TLS downgrade attacks.

Recommendation: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

TLS-RPT — TLS Reporting

Not ConfiguredRFC 8460

0 / 5

No TLS-RPT record found for gtld-servers.net. TLS delivery failures are invisible.

Recommendation: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.

BIMI — Brand Indicators for Message Identification

Not FoundRFC 9495

0 / 5

No BIMI record found for gtld-servers.net. Brand logo will not appear in supporting email clients.

Recommendation: Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.

Section 07

Remediation Plan

Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.

#	Protocol	Finding	Severity	Fix
1	SPF	Not Found	High	Publish an SPF record listing your authorized email senders (e.g. v=spf1 include:_spf.google.com ~all).
2	DKIM	Not Detected	High	Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.
3	MTA-STS	Not Configured	High	Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
4	TLS-RPT	Not Configured	High	Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
5	BIMI	Not Found	High	Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.

Need help fixing these?

Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.

Section 08

Scoring Methodology

Protocol Weights

Protocol	Max Points	Weight
DMARC	35	35%
SPF	25	25%
DKIM	20	20%
MTA-STS	10	10%
TLS-RPT	5	5%
BIMI	5	5%

Grade Scale

Grade	Score Range
A+	95 - 100
A	85 - 94
B	70 - 84
C	50 - 69
D	30 - 49
F	0 - 29

authex

Generated by Authex. authex.online

Mon, 30 Mar 2026 22:53:49 GMT