authex
Domain Security Report

googletagmanager.com

C53 / 100
Scan Date
Monday, March 30, 2026
Report ID
A33FB676
“Over 90% of cyber attacks begin with email. Authentication is not optional anymore, it is your first line of defense.”
Hemanth Vishnu Akula
Founder & CEO, Authex
Section 01

Executive Summary

Good progress. SPF and DKIM are in place. DKIM needs attention to complete your protection.

Protocol Dashboard

ProtocolStatusScore
DMARCEnforced
30 / 35
SPFHard Fail (-all)
23 / 25
DKIMNot Detected
0 / 20
MTA-STSNot Configured
0 / 10
TLS-RPTNot Configured
0 / 5
BIMINot Found
0 / 5

Top Priority Actions

  1. DKIM: Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.
  2. MTA-STS: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
  3. TLS-RPT: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
Section 02

Compliance Readiness

Assessment of googletagmanager.com against major email security compliance frameworks.

FrameworkReferenceRequirementsStatus
PCI DSS 4.0Req 5.4.1DMARC + SPF + DKIMPartial
Google / Yahoo Bulk Sender2024 RequirementsDMARC + SPF + DKIMPartial
NIST SP 800-177Rev. 1SPF + DKIM + DMARCPartial
CISA BOD 18-01Binding Operational DirectiveDMARC (p=reject)Compliant
Cyber EssentialsUK NCSCDMARC + SPFCompliant
Section 03

DMARC. Domain-based Message Authentication, Reporting & Conformance

EnforcedRFC 7489
30 / 35

DMARC policy is set to reject, providing maximum protection against spoofing.

Configuration Details

Policyreject
Aggregate Reportingmailto:mailauth-reports@google.com
DKIM Alignmentrelaxed
SPF Alignmentrelaxed

DNS Record

v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com
Section 04

SPF. Sender Policy Framework

Hard Fail (-all)RFC 7208
23 / 25

SPF record found with 1 DNS lookup and -all.

Configuration Details

All Mechanism-all (hard fail)
DNS Lookups1/10
Record Length11 bytes

DNS Record

v=spf1 -all
Section 05

DKIM. DomainKeys Identified Mail

Not DetectedRFC 6376
0 / 20

No DKIM record found for common selectors on googletagmanager.com. DKIM may use a custom selector that could not be auto-detected.

Recommendation: Ensure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.
Section 06

Transport Security

Transport-layer email security protocols that protect messages in transit between mail servers.

MTA-STS Mail Transfer Agent Strict Transport Security

Not ConfiguredRFC 8461
0 / 10

No MTA-STS record found for googletagmanager.com. Inbound SMTP connections are vulnerable to TLS downgrade attacks.

Recommendation: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

TLS-RPT TLS Reporting

Not ConfiguredRFC 8460
0 / 5

No TLS-RPT record found for googletagmanager.com. TLS delivery failures are invisible.

Recommendation: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.

BIMI Brand Indicators for Message Identification

Not FoundRFC 9495
0 / 5

No BIMI record found for googletagmanager.com. Brand logo will not appear in supporting email clients.

Recommendation: Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
Section 07

Remediation Plan

Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.

#ProtocolFindingSeverityFix
1DKIMNot DetectedHighEnsure your email provider has published DKIM keys. If using a custom selector, DKIM may still be active.
2MTA-STSNot ConfiguredHighPublish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
3TLS-RPTNot ConfiguredHighPublish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
4BIMINot FoundHighPublish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
Need help fixing these?

Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.

Section 08

Scoring Methodology

Protocol Weights

ProtocolMax PointsWeight
DMARC3535%
SPF2525%
DKIM2020%
MTA-STS1010%
TLS-RPT55%
BIMI55%

Grade Scale

GradeScore Range
A+95 - 100
A85 - 94
B70 - 84
C50 - 69
D30 - 49
F0 - 29
authex
Generated by Authex. authex.online
Mon, 30 Mar 2026 22:53:53 GMT