Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.
| Protocol | Status | Score |
|---|---|---|
| DMARC | Quarantine | 28 / 35 |
| SPF | Configured | 17 / 25 |
| DKIM | Found (mail) | 17 / 20 |
| MTA-STS | Not Configured | 0 / 10 |
| TLS-RPT | Not Configured | 0 / 5 |
| BIMI | Not Found | 0 / 5 |
Assessment of dzen.ru against major email security compliance frameworks.
| Framework | Reference | Requirements | Status |
|---|---|---|---|
| PCI DSS 4.0 | Req 5.4.1 | DMARC + SPF + DKIM | Compliant |
| Google / Yahoo Bulk Sender | 2024 Requirements | DMARC + SPF + DKIM | Compliant |
| NIST SP 800-177 | Rev. 1 | SPF + DKIM + DMARC | Compliant |
| CISA BOD 18-01 | Binding Operational Directive | DMARC (p=reject) | Non-Compliant |
| Cyber Essentials | UK NCSC | DMARC + SPF | Compliant |
DMARC policy is set to quarantine. Suspicious emails are filtered but not blocked outright.
| Policy | quarantine |
| Aggregate Reporting | mailto:mailauth-reports@dzen.ru |
| Subdomain Policy | quarantine |
| DKIM Alignment | relaxed |
| SPF Alignment | relaxed |
SPF record found with 1 DNS lookup and no all mechanism.
| All Mechanism | not specified |
| DNS Lookups | 1/10 |
| Record Length | 28 bytes |
DKIM key found at selector "mail".
| Selector | |
| Key Length | ~1024 bit |
| Algorithm | rsa-sha256 |
Transport-layer email security protocols that protect messages in transit between mail servers.
No MTA-STS record found for dzen.ru. Inbound SMTP connections are vulnerable to TLS downgrade attacks.
No TLS-RPT record found for dzen.ru. TLS delivery failures are invisible.
No BIMI record found for dzen.ru. Brand logo will not appear in supporting email clients.
Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.
| # | Protocol | Finding | Severity | Fix |
|---|---|---|---|---|
| 1 | MTA-STS | Not Configured | High | Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt. |
| 2 | TLS-RPT | Not Configured | High | Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections. |
| 3 | BIMI | Not Found | High | Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100. |
| 4 | DMARC | Quarantine | Low | Consider escalating to p=reject once compliance is consistently above 98%. |
| 5 | DKIM | Found (mail) | Low | Upgrade DKIM key to 2048-bit for stronger cryptographic security. |
Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.
| Protocol | Max Points | Weight |
|---|---|---|
| DMARC | 35 | 35% |
| SPF | 25 | 25% |
| DKIM | 20 | 20% |
| MTA-STS | 10 | 10% |
| TLS-RPT | 5 | 5% |
| BIMI | 5 | 5% |
| Grade | Score Range |
|---|---|
| A+ | 95 - 100 |
| A | 85 - 94 |
| B | 70 - 84 |
| C | 50 - 69 |
| D | 30 - 49 |
| F | 0 - 29 |