authex
Domain Security Report

oc-wh.org

B71 / 100
Scan Date
Monday, March 30, 2026
Report ID
DAAF26F6
“Over 90% of cyber attacks begin with email. Authentication is not optional anymore, it is your first line of defense.”
Hemanth Vishnu Akula
Founder & CEO, Authex
Section 01

Executive Summary

Your domain is protected. SPF, DKIM, and DMARC are configured. Suspicious emails go to spam. consider moving to full reject when ready.

Protocol Dashboard

ProtocolStatusScore
DMARCQuarantine
30 / 35
SPFSoft Fail (~all)
21 / 25
DKIM3 keys found
20 / 20
MTA-STSNot Configured
0 / 10
TLS-RPTNot Configured
0 / 5
BIMINot Found
0 / 5

Top Priority Actions

  1. MTA-STS: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
  2. TLS-RPT: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
  3. BIMI: Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
Section 02

Compliance Readiness

Assessment of oc-wh.org against major email security compliance frameworks.

FrameworkReferenceRequirementsStatus
PCI DSS 4.0Req 5.4.1DMARC + SPF + DKIMCompliant
Google / Yahoo Bulk Sender2024 RequirementsDMARC + SPF + DKIMCompliant
NIST SP 800-177Rev. 1SPF + DKIM + DMARCCompliant
CISA BOD 18-01Binding Operational DirectiveDMARC (p=reject)Non-Compliant
Cyber EssentialsUK NCSCDMARC + SPFCompliant
Section 03

DMARC. Domain-based Message Authentication, Reporting & Conformance

QuarantineRFC 7489
30 / 35

DMARC policy is set to quarantine. Suspicious emails are filtered but not blocked outright.

Configuration Details

Policyquarantine
Aggregate Reportingmailto:reports@authex.online
Forensic Reportingmailto:reports@authex.online
Subdomain Policyquarantine
DKIM Alignmentrelaxed
SPF Alignmentrelaxed

DNS Record

v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:reports@authex.online; ruf=mailto:reports@authex.online
Recommendation: Consider escalating to p=reject once compliance is consistently above 98%.
Section 04

SPF. Sender Policy Framework

Soft Fail (~all)RFC 7208
21 / 25

SPF record found with 2 DNS lookups and ~all.

Configuration Details

All Mechanism~all (soft fail)
DNS Lookups2/10
Record Length46 bytes

DNS Record

v=spf1 include:spf.protection.outlook.com ~all
Recommendation: Consider tightening to -all for stricter enforcement alongside your DMARC policy.
Section 05

DKIM. DomainKeys Identified Mail

3 keys foundRFC 6376
20 / 20

3 DKIM keys found (selector1, s1, s2).

Configuration Details

Selectorsselector1, s1, s2
Key Length2048+ bit
Algorithmrsa-sha256

DNS Record

selector1._domainkey: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD12byf2ct4ksWGzqtffjunnL6o9pRXpx0DAjNWBEUsbzYrdUHD3ZLKQ9mNjrutRNgQ0xOjLzBU8SSXJvGwgRQ3AYExMr5Kqgslfh8Wg6cRGGwQrsofUFp27GtRin4f3SJrNMTCySNuMMXUw0... s1._domainkey: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq97kwEweQdjh848wud2CCvWFfDdPwrc0E09NdkLzcD8dQt/+4TJ2FoZQO5P71HoSkoHekTUgq63ybguB+f4w2OdgvBScwoOAtM1BuXoy0d9VxcQlmbqts6aoIx/TdMKEUYxMcEmw9SatP... s2._domainkey: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+AUaPGxDsIZRVY4JUun95298WS4HiPpXd7z7tTimBbw5O8wCP5MIgbfBo3m2hKfMITt61pl3h5O7MJ1aZls8PfcocOI2E1IfMphojtsaUvBDirjx3Q8SkSgMVY6w9Jei1vXIvuaJCYPYH4A8dao...
Section 06

Transport Security

Transport-layer email security protocols that protect messages in transit between mail servers.

MTA-STS Mail Transfer Agent Strict Transport Security

Not ConfiguredRFC 8461
0 / 10

No MTA-STS record found for oc-wh.org. Inbound SMTP connections are vulnerable to TLS downgrade attacks.

Recommendation: Publish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

TLS-RPT TLS Reporting

Not ConfiguredRFC 8460
0 / 5

No TLS-RPT record found for oc-wh.org. TLS delivery failures are invisible.

Recommendation: Publish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.

BIMI Brand Indicators for Message Identification

Not FoundRFC 9495
0 / 5

No BIMI record found for oc-wh.org. Brand logo will not appear in supporting email clients.

Recommendation: Publish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
Section 07

Remediation Plan

Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.

#ProtocolFindingSeverityFix
1MTA-STSNot ConfiguredHighPublish an MTA-STS TXT record and host a policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.
2TLS-RPTNot ConfiguredHighPublish a TLS-RPT record to receive reports when sending servers fail to establish encrypted connections.
3BIMINot FoundHighPublish a BIMI record with your brand SVG logo. Requires DMARC at p=quarantine or p=reject with pct=100.
4DMARCQuarantineLowConsider escalating to p=reject once compliance is consistently above 98%.
5SPFSoft Fail (~all)LowConsider tightening to -all for stricter enforcement alongside your DMARC policy.
Need help fixing these?

Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.

Section 08

Scoring Methodology

Protocol Weights

ProtocolMax PointsWeight
DMARC3535%
SPF2525%
DKIM2020%
MTA-STS1010%
TLS-RPT55%
BIMI55%

Grade Scale

GradeScore Range
A+95 - 100
A85 - 94
B70 - 84
C50 - 69
D30 - 49
F0 - 29
authex
Generated by Authex. authex.online
Mon, 30 Mar 2026 20:32:30 GMT