authex.online has a good email security foundation with a grade of C. 4 protocols fully configured. Needs attention: DMARC, BIMI. Addressing remaining gaps would significantly strengthen protection against spoofing.
| Protocol | Status | Score |
|---|---|---|
| DMARC | Monitor Only (p=none) | 23 / 35 |
| SPF | Hard Fail (-all) | 23 / 25 |
| DKIM | Found (selector: selector1) | 20 / 20 |
| MTA-STS | DNS Record Only | 2 / 10 |
| TLS-RPT | Configured | 5 / 5 |
| BIMI | Incomplete | 1 / 5 |
Assessment of authex.online against major email security compliance frameworks.
| Framework | Reference | Requirements | Status |
|---|---|---|---|
| PCI DSS 4.0 | Req 5.4.1 | DMARC + SPF + DKIM | Partial |
| Google / Yahoo Bulk Sender | 2024 Requirements | DMARC + SPF + DKIM | Partial |
| NIST SP 800-177 | Rev. 1 | SPF + DKIM + DMARC | Partial |
| CISA BOD 18-01 | Binding Operational Directive | DMARC (p=reject) | Non-Compliant |
| Cyber Essentials | UK NCSC | DMARC + SPF | Partial |
DMARC policy is set to none (monitor only). Unauthorized emails are still delivered.
| Policy | none |
| Aggregate Reporting | mailto:reports@authex.online |
| Forensic Reporting | mailto:reports@authex.online |
| DKIM Alignment | relaxed |
| SPF Alignment | relaxed |
SPF record found with 2 DNS lookups and -all.
| All Mechanism | -all (hard fail) |
| DNS Lookups | 2/10 |
| Record Length | 58 bytes |
DKIM key found at selector "selector1". Email integrity and sender authenticity can be verified.
| Selector | selector1 |
| Key Length | 2048+ bit |
| Algorithm | rsa-sha256 |
Transport-layer email security protocols that protect messages in transit between mail servers.
MTA-STS DNS record exists for authex.online. Policy file could not be verified.
| Policy ID | d5f0c5367773 |
| Policy File | HTTP 404 |
TLS-RPT is configured for authex.online. Reports on TLS delivery failures will be sent to mailto:reports@authex.online.
| Report URI | mailto:reports@authex.online |
BIMI record exists for authex.online but is missing key components.
| DMARC Prerequisite | not met (requires p=quarantine/reject with pct=100) |
Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.
| # | Protocol | Finding | Severity | Fix |
|---|---|---|---|---|
| 1 | DMARC | Monitor Only (p=none) | Medium | Progress to p=quarantine and then p=reject once you have identified all legitimate senders via RUA reports. |
| 2 | BIMI | Incomplete | Medium | Add an SVG Tiny PS logo URL to your BIMI record (l= tag). |
| 3 | MTA-STS | DNS Record Only | Low | Host a valid MTA-STS policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt. |
Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.
| Protocol | Max Points | Weight |
|---|---|---|
| DMARC | 35 | 35% |
| SPF | 25 | 25% |
| DKIM | 20 | 20% |
| MTA-STS | 10 | 10% |
| TLS-RPT | 5 | 5% |
| BIMI | 5 | 5% |
| Grade | Score Range |
|---|---|
| A+ | 95 - 100 |
| A | 85 - 94 |
| B | 70 - 84 |
| C | 50 - 69 |
| D | 30 - 49 |
| F | 0 - 29 |