Discover Your Free Cyber Security Risk Score

Enter your company's website to reveal your cyber security risk score, covering email, brand, and web security. Get an award to showcase your organization's commitment to cyber security and stand out from the competition.

Enter Website Domain

You may use your award graphic as per the award licensing agreement.

Email Risk Score

DMARC0

DMARC (Domain-based Message Authentication, Reporting, and Conformance) combats email fraud by enforcing domain authentication, reducing phishing risks, and providing insights into email traffic for enhanced security and deliverability. Learn more.

SPF0

SPF (Sender Policy Framework) in email security verifies sender authenticity, preventing email spoofing and phishing by validating that the sender's IP is authorized to send on behalf of the domain. Learn more.

MTA-STS0

MTA-STS (Mail Transfer Agent Strict Transport Security) enhances email security by enforcing encrypted communication, reducing man-in-the-middle attacks, and ensuring trustworthy email transmission. Learn more.

TLS-RPT0

TLS RPT (TLS Reporting and Compliance) enhances security by providing insights into email servers' TLS encryption status, helping organizations identify vulnerabilities and improve email communication privacy effectively. Learn more.

Domain and Brand Risk Score

DMARC0

SPF0

CAA0

Certificate Authority Authorization (CAA) is important for web security, empowering domain owners to control which CAs can issue certificates, fortifying trust, and mitigating unauthorized certificate issuance risks. Learn more.

Website Risk Score

HTTPS Headers0

HTTPS is crucial for online security, encrypting data exchanged between users and websites, safeguarding sensitive information, ensuring privacy, and establishing trust in digital communications. Secure headers protect from leaking of sentitive information and click/session hijacking attacks. Learn more.

Patching Frequency

Frequent patching enhances security by promptly addressing and fixing vulnerabilities in software, preventing exploitation by malicious actors. This proactive approach ensures that systems remain resilient against evolving threats, reducing the risk of unauthorized access and data breaches. Learn more.

Visibility Risk Score

DMARC0

TLS-RPT0

Vulnerability Disclosure Score0

A vulnerability disclosure program is crucial for cybersecurity, as it encourages ethical hackers to report security flaws, enabling organizations to address vulnerabilities promptly and enhance overall digital protection. Learn more.

Domain-based Message Authentication Reporting and Conformance (DMARC)

DMARC, or Domain-based Message Authentication, Reporting, and Conformance, is an email authentication protocol. It helps prevent email phishing and spoofing by allowing senders to specify policies for email validation. DMARC is crucial as it enhances email security, protects sender reputation, and ensures recipients receive legitimate emails, reducing phishing threats.

DMARC Placeholder record

v=DMARC1

Mandatory for all DMARC records.

Not Found

p=reject

A strong DMARC policy is set to p=reject, this is followed in strength by p=quarantine, and p=none.

pct

pct=100

Percentage (pct) of the number of messages the policy will apply to. Defaults to 100 if pct= is omitted.

rua

Not Found

dmarc@

Aggregate Reporting

ruf

Not Found

dmarc@

Forensic Reporting

Sender Policy Framework (SPF)

SPF (Sender Policy Framework) is an email authentication method that verifies the authenticity of the sender's domain. It prevents email spoofing by specifying authorized mail servers for a domain. SPF is crucial as it ensures incoming emails are legitimate, reducing the risk of phishing attacks and spam.

Not found

v=spf1

Mandatory for all SPF records.

Fail type

-all

A strong SPF policy ends with "-all", without the quotation marks.

TLS Reporting (TLS-RPT)

TLS Reporting (TLS-RPT) enables domain owners to receive reports about email delivery issues, enhancing email security. It helps diagnose misconfigurations, detect potential attacks, and ensures proper implementation of Transport Layer Security (TLS) protocols. TLS-RPT is crucial for maintaining secure and reliable email communication.

TLS Placeholder record

v=TLSRPTv1

Mandatory for all MTA-STS records.

Not found

id=undefined

A strong SPF policy ends with "-all", without the quotation marks.

Mail Transfer Agent Strict Transport Security (MTA-STS)

MTA-STS ensures secure email transmission by enforcing encryption, thwarting encryption downgrade attacks, and protecting against man-in-the-middle threats. It's vital for safeguarding sensitive data, preventing unauthorized access, and maintaining the integrity and confidentiality of email communications.

MTA STS Placeholder record

v=STSv1

Mandatory for all MTA-STS records.

Not found

id=undefined

A strong SPF policy ends with "-all", without the quotation marks.

Certificate Authority Authorization (CAA)

CAA (Certificate Authority Authorization) is a DNS record that allows domain owners to specify which certificate authorities are authorized to issue SSL/TLS certificates for their domain. It's important for enhancing security by preventing unauthorized issuance, reducing the risk of man-in-the-middle attacks and ensuring the validity of digital certificates.

issue

CAA Placeholder record

RFC 7208 - A "fail" [-all] result is an explicit statement that the client is not authorized to use the domain in the given identity.

RFC 7208 - A "softfail" [~all] result is a weak statement by the publishing ADMD [Administrative Management Domain] that the host is probably not authorized. It has not published a stronger, more definitive policy that results in a "fail".

RFC 7208 - A "neutral" [?all] result means the ADMD [Administrative Management Domain] has explicitly stated that it is not asserting whether the IP address is authorized... a "neutral" result must be treated exactly like the "none "result"... "with a "none" result, the SPF verifier has no information at all about the authorization of lack thereof...

RFC 7208 - A "pass" [+all] result is an explicit statement that the client is authorized to inject mail with the given identity.

Disclaimer: The suggestions above are based on the existing records we've found for your domain. For example, if you are already using mail servers in your old SPF record, the new one will have those same servers. With that in mind, when updating records ensure you check the records to make sure your servers and services list is up to date.

Discover Your Free Cyber Security Risk Score

Enter Website Domain

Live Scan Not Possible

Domain-based Message Authentication Reporting and Conformance (DMARC)

Sender Policy Framework (SPF)

TLS Reporting (TLS-RPT)

Mail Transfer Agent Strict Transport Security (MTA-STS)

Certificate Authority Authorization (CAA)

RFC 7208 - A "fail" [-all] result is an explicit statement that the client is not authorized to use the domain in the given identity.

RFC 7208 - A "softfail" [~all] result is a weak statement by the publishing ADMD [Administrative Management Domain] that the host is probably not authorized. It has not published a stronger, more definitive policy that results in a "fail".

RFC 7208 - A "pass" [+all] result is an explicit statement that the client is authorized to inject mail with the given identity.