Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
| Protocol | Status | Score |
|---|---|---|
| DMARC | Quarantine | 31 / 35 |
| SPF | Soft Fail (~all) | 21 / 25 |
| DKIM | 2 keys found | 17 / 20 |
| MTA-STS | Not Configured | 0 / 10 |
| TLS-RPT | Not Configured | 0 / 5 |
| BIMI | Configured with VMC | 5 / 5 |
Assessment of apple.com against major email security compliance frameworks.
| Framework | Reference | Requirements | Status |
|---|---|---|---|
| PCI DSS 4.0 | Req 5.4.1 | DMARC + SPF + DKIM | Compliant |
| Google / Yahoo Bulk Sender | 2024 Requirements | DMARC + SPF + DKIM | Compliant |
| NIST SP 800-177 | Rev. 1 | SPF + DKIM + DMARC | Compliant |
| CISA BOD 18-01 | Binding Operational Directive | DMARC (p=reject) | Non-Compliant |
| Cyber Essentials | UK NCSC | DMARC + SPF | Compliant |
DMARC policy is set to quarantine. Suspicious emails are filtered but not blocked outright.
| Policy | quarantine |
| Aggregate Reporting | mailto:d@rua.agari.com |
| Forensic Reporting | mailto:d@ruf.agari.com |
| Subdomain Policy | reject |
| DKIM Alignment | relaxed |
| SPF Alignment | relaxed |
SPF record found with 3 DNS lookups and ~all.
| All Mechanism | ~all (soft fail) |
| DNS Lookups | 3/10 |
| Record Length | 61 bytes |
2 DKIM keys found (selector1, selector2).
| Selectors | selector1, selector2 |
| Key Length | ~1024 bit |
| Algorithm | rsa-sha256 |
Transport-layer email security protocols that protect messages in transit between mail servers.
No MTA-STS record found for apple.com. Inbound SMTP connections are vulnerable to TLS downgrade attacks.
No TLS-RPT record found for apple.com. TLS delivery failures are invisible.
BIMI is fully configured for apple.com with a brand logo and VMC certificate.
| Logo URL | https://www.apple.com/bimi/v2/apple.svg |
| SVG Status | accessible |
| VMC Certificate | https://www.apple.com/bimi/v2/apple.pem |
| DMARC Prerequisite | met |
Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.
| # | Protocol | Finding | Severity | Fix |
|---|---|---|---|---|
| 1 | MTA-STS | Not Configured | High | Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt. |
| 2 | TLS-RPT | Not Configured | High | Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections. |
| 3 | DMARC | Quarantine | Low | Consider escalating to p=reject once compliance is consistently above 98%. |
| 4 | SPF | Soft Fail (~all) | Low | Consider tightening to -all for stricter enforcement alongside your DMARC policy. |
| 5 | DKIM | 2 keys found | Low | Upgrade DKIM key to 2048-bit for stronger cryptographic security. |
Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.
| Protocol | Max Points | Weight |
|---|---|---|
| DMARC | 35 | 35% |
| SPF | 25 | 25% |
| DKIM | 20 | 20% |
| MTA-STS | 10 | 10% |
| TLS-RPT | 5 | 5% |
| BIMI | 5 | 5% |
| Grade | Score Range |
|---|---|
| A+ | 95 - 100 |
| A | 85 - 94 |
| B | 70 - 84 |
| C | 50 - 69 |
| D | 30 - 49 |
| F | 0 - 29 |