authex

Domain Security Report

linkedin.com

Scan Date

Monday, March 30, 2026

Report ID

659C0B7B

“Over 90% of cyber attacks begin with email. Authentication is not optional anymore, it is your first line of defense.”

Hemanth Vishnu Akula

Founder & CEO, Authex

Section 01

Executive Summary

Your domain is well protected. SPF, DKIM, and DMARC are configured and enforcing. unauthorized emails are rejected.

Protocol Dashboard

Protocol	Status	Score
DMARC	Enforced	32 / 35
SPF	Soft Fail (~all)	21 / 25
DKIM	Found (google)	17 / 20
MTA-STS	Not Configured	0 / 10
TLS-RPT	Configured	5 / 5
BIMI	Configured with VMC	5 / 5

Top Priority Actions

MTA-STS: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
SPF: Consider tightening to -all for stricter enforcement alongside your DMARC policy.
DKIM: Upgrade DKIM key to 2048-bit for stronger cryptographic security.

Section 02

Compliance Readiness

Assessment of linkedin.com against major email security compliance frameworks.

Framework	Reference	Requirements	Status
PCI DSS 4.0	Req 5.4.1	DMARC + SPF + DKIM	Compliant
Google / Yahoo Bulk Sender	2024 Requirements	DMARC + SPF + DKIM	Compliant
NIST SP 800-177	Rev. 1	SPF + DKIM + DMARC	Compliant
CISA BOD 18-01	Binding Operational Directive	DMARC (p=reject)	Compliant
Cyber Essentials	UK NCSC	DMARC + SPF	Compliant

Section 03

DMARC. Domain-based Message Authentication, Reporting & Conformance

EnforcedRFC 7489

32 / 35

DMARC policy is set to reject, providing maximum protection against spoofing.

Configuration Details

Policy	reject
Aggregate Reporting	mailto:d@rua.agari.com,mailto:yfy3q-9359@rua.dmarc.emailanalyst.com
Forensic Reporting	mailto:d@ruf.agari.com
DKIM Alignment	relaxed
SPF Alignment	relaxed

DNS Record

v=DMARC1; p=reject; rua=mailto:d@rua.agari.com,mailto:yfy3q-9359@rua.dmarc.emailanalyst.com; ruf=mailto:d@ruf.agari.com

Section 04

SPF. Sender Policy Framework

Soft Fail (~all)RFC 7208

21 / 25

SPF record found with 3 DNS lookups and ~all.

Configuration Details

All Mechanism	~all (soft fail)
DNS Lookups	3/10
Record Length	236 bytes

DNS Record

v=spf1 ip4:199.101.162.0/25 ip4:108.174.3.0/24 ip4:108.174.6.0/24 ip4:108.174.0.0/24 ip6:2620:109:c00d:104::/64 ip6:2620:109:c006:104::/64 ip6:2620:109:c003:104::/64 ip6:2620:119:50c0:207::/64 ip4:199.101.161.130 mx mx:docusign.net ~all

Recommendation: Consider tightening to -all for stricter enforcement alongside your DMARC policy.

Section 05

DKIM. DomainKeys Identified Mail

Found (google)RFC 6376

17 / 20

DKIM key found at selector "google".

Configuration Details

Selector	google
Key Length	~1024 bit
Algorithm	rsa-sha256

DNS Record

google._domainkey:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLhE5uHP4DCQPLBtQNWwX2rvKIxmdgrYvdutyxpbCqgcKPoizLq3nga7Q2OdQ6bhevk8SuM8LTYfN+xNuJZb88vT195QG7OkcisrCA3RpL6Qq+9mB+sGFQ92gZlgQPQMrsEHfG6nLYXqilsB...

Recommendation: Upgrade DKIM key to 2048-bit for stronger cryptographic security.

Section 06

Transport Security

Transport-layer email security protocols that protect messages in transit between mail servers.

MTA-STS — Mail Transfer Agent Strict Transport Security

Not ConfiguredRFC 8461

0 / 10

No MTA-STS record found for linkedin.com. Inbound SMTP connections are vulnerable to TLS downgrade attacks.

Recommendation: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

TLS-RPT — TLS Reporting

ConfiguredRFC 8460

5 / 5

TLS-RPT is configured for linkedin.com. Reports on TLS delivery failures will be sent to mailto:tlsreports@linkedin.com.

Report URI

mailto:tlsreports@linkedin.com

v=TLSRPTv1; rua=mailto:tlsreports@linkedin.com

Section 07

BIMI. Brand Indicators for Message Identification

Configured with VMCRFC 9495

5 / 5

BIMI is fully configured for linkedin.com with a brand logo and VMC certificate.

Logo URL	https://media.licdn.com/media/AAYQAQQhAAgAAQAAAAAAABrLiVuNIZ3fRKGlFSn4hGZubg.svg
SVG Status	accessible
VMC Certificate	https://media.licdn.com/media/AAYABAQhAAgAAQAAAAAAAYFI0DP_wvHFSv6mYduMZuEwSA.pem
DMARC Prerequisite	met

v=BIMI1; l=https://media.licdn.com/media/AAYQAQQhAAgAAQAAAAAAABrLiVuNIZ3fRKGlFSn4hGZubg.svg; a=https://media.licdn.com/media/AAYABAQhAAgAAQAAAAAAAYFI0DP_wvHFSv6mYduMZuEwSA.pem;

Section 08

Remediation Plan

Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.

#	Protocol	Finding	Severity	Fix
1	MTA-STS	Not Configured	High	Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
2	SPF	Soft Fail (~all)	Low	Consider tightening to -all for stricter enforcement alongside your DMARC policy.
3	DKIM	Found (google)	Low	Upgrade DKIM key to 2048-bit for stronger cryptographic security.

Need help fixing these?

Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.

Section 09

Scoring Methodology

Protocol Weights

Protocol	Max Points	Weight
DMARC	35	35%
SPF	25	25%
DKIM	20	20%
MTA-STS	10	10%
TLS-RPT	5	5%
BIMI	5	5%

Grade Scale

Grade	Score Range
A+	95 - 100
A	85 - 94
B	70 - 84
C	50 - 69
D	30 - 49
F	0 - 29

authex

Generated by Authex. authex.online

Mon, 30 Mar 2026 22:53:53 GMT