authex

Domain Security Report

authex.online

Scan Date

Monday, March 30, 2026

Report ID

DF18EDBD

“Over 90% of cyber attacks begin with email. Authentication is not optional anymore, it is your first line of defense.”

Hemanth Vishnu Akula

Founder & CEO, Authex

Section 01

Executive Summary

Good progress. SPF and DKIM are in place. DMARC enforcement needs attention to complete your protection.

Protocol Dashboard

Protocol	Status	Score
DMARC	Monitor Only	23 / 35
SPF	Hard Fail (-all)	23 / 25
DKIM	2 keys found	20 / 20
MTA-STS	DNS Record Only	2 / 10
TLS-RPT	Configured	5 / 5
BIMI	Incomplete	1 / 5

Top Priority Actions

DMARC: Progress to p=quarantine and then p=reject once you have identified all legitimate senders via RUA reports.
BIMI: Add an SVG Tiny PS logo URL to your BIMI record (l= tag).
MTA-STS: Host a valid MTA-STS policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

Section 02

Compliance Readiness

Assessment of authex.online against major email security compliance frameworks.

Framework	Reference	Requirements	Status
PCI DSS 4.0	Req 5.4.1	DMARC + SPF + DKIM	Partial
Google / Yahoo Bulk Sender	2024 Requirements	DMARC + SPF + DKIM	Partial
NIST SP 800-177	Rev. 1	SPF + DKIM + DMARC	Partial
CISA BOD 18-01	Binding Operational Directive	DMARC (p=reject)	Non-Compliant
Cyber Essentials	UK NCSC	DMARC + SPF	Partial

Section 03

DMARC. Domain-based Message Authentication, Reporting & Conformance

Monitor OnlyRFC 7489

23 / 35

DMARC policy is set to none (monitor only). Unauthorized emails are still delivered.

Configuration Details

Policy	none
Aggregate Reporting	mailto:reports@authex.online
Forensic Reporting	mailto:reports@authex.online
DKIM Alignment	relaxed
SPF Alignment	relaxed

DNS Record

v=DMARC1; p=none; rua=mailto:reports@authex.online; ruf=mailto:reports@authex.online

Recommendation: Progress to p=quarantine and then p=reject once you have identified all legitimate senders via RUA reports.

Section 04

SPF. Sender Policy Framework

Hard Fail (-all)RFC 7208

23 / 25

SPF record found with 2 DNS lookups and -all.

Configuration Details

All Mechanism	-all (hard fail)
DNS Lookups	2/10
Record Length	58 bytes

DNS Record

v=spf1 include:authex-online.spf.nullify-security.com -all

Section 05

DKIM. DomainKeys Identified Mail

2 keys foundRFC 6376

20 / 20

2 DKIM keys found (selector1, selector2).

Configuration Details

Selectors	selector1, selector2
Key Length	2048+ bit
Algorithm	rsa-sha256

DNS Record

selector1._domainkey:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcWS5JJHmpUD93IRuWr5Dj6o6azdr27Rj1wrvdw1xUMmjukFesO652laNebWuwLL3C0Xt2KBh91fvYMWP9Q4jHNI6CvBa6RoRfv8ep1704hr/X+k/UwII84TgLtJGQKHJd0kiPWRXp...

selector2._domainkey:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQk080mIF9WaV96kws5yM1VhtVUUFEtBDvIPGQrunJfRV+4pu5iSe0t3uZ418u5Jpp3kbZVzqT7bZYdSUkC1Jjpy9ImxZIfqN5rAon71UqU1CNlFPdXvjYi1ztXbABeYGLjUSq6cBf...

Section 06

Transport Security

Transport-layer email security protocols that protect messages in transit between mail servers.

MTA-STS — Mail Transfer Agent Strict Transport Security

DNS Record OnlyRFC 8461

2 / 10

MTA-STS DNS record exists for authex.online. Policy file could not be verified.

Policy ID	d5f0c5367773
Policy File	HTTP 404

v=STSv1; id=d5f0c5367773

Recommendation: Host a valid MTA-STS policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

TLS-RPT — TLS Reporting

ConfiguredRFC 8460

5 / 5

TLS-RPT is configured for authex.online. Reports on TLS delivery failures will be sent to mailto:reports@authex.online.

Report URI

mailto:reports@authex.online

v=TLSRPTv1; rua=mailto:reports@authex.online

Section 07

BIMI. Brand Indicators for Message Identification

IncompleteRFC 9495

1 / 5

BIMI record exists for authex.online but is missing key components.

DMARC Prerequisite

not met (requires p=quarantine/reject with pct=100)

v=BIMI1

Recommendation: Add an SVG Tiny PS logo URL to your BIMI record (l= tag).

Section 08

Remediation Plan

Prioritized findings and recommended fixes. These can be implemented by your internal IT team, or you can use Authex to monitor, manage, and automate these changes with our AI-powered platform starting at $9/domain per month.

#	Protocol	Finding	Severity	Fix
1	DMARC	Monitor Only	Medium	Progress to p=quarantine and then p=reject once you have identified all legitimate senders via RUA reports.
2	BIMI	Incomplete	Medium	Add an SVG Tiny PS logo URL to your BIMI record (l= tag).
3	MTA-STS	DNS Record Only	Low	Host a valid MTA-STS policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt.

Need help fixing these?

Authex continuously monitors your email authentication, detects misconfigurations, and helps you fix them. Our AI agent handles SPF flattening, DKIM rotation, and DMARC enforcement automatically. DIY plans start at $9/domain. Managed plans include a dedicated security engineer. Visit authex.online to get started with a free scan.

Section 09

Scoring Methodology

Protocol Weights

Protocol	Max Points	Weight
DMARC	35	35%
SPF	25	25%
DKIM	20	20%
MTA-STS	10	10%
TLS-RPT	5	5%
BIMI	5	5%

Grade Scale

Grade	Score Range
A+	95 - 100
A	85 - 94
B	70 - 84
C	50 - 69
D	30 - 49
F	0 - 29

authex

Generated by Authex. authex.online

Mon, 30 Mar 2026 22:38:14 GMT