Email Authentication Check

allegro.pl

This check reviews your domain's email authentication setup to help protect against spoofing and phishing.

DMARC SPF BIMI TLS-RPT MTA-STS

All data shown is public and sourced from DNS.

Last checked about 12 hours ago

0 out of 110
Good

allegro.pl domain score

Your domain has basic email authentication in place. Consider strengthening your configuration for better protection.

SPF
Sender Policy Framework
30 / 30
DMARC
Domain-based Message Authentication
27 / 50
BIMI
Brand Indicators for Message Identification
20 / 20
TLS
TLS Security (MTA-STS & TLS-RPT)
0 / 10

Top Recommendation

+10

Add aggregate reporting (rua) to receive DMARC reports

DMARC improvement

allegro.pl has a DMARC record but no reporting configured, limiting visibility into authentication results. SPF is correctly configured with a strict policy (-all), specifying which servers may send on its behalf. A few improvements would strengthen allegro.pl's email authentication posture.

Curious how this compares? See the DMARC posture of the top 100 domains.

0

DMARC Check Results

27 / 50 points

Score Breakdown

DMARC record published
+10
Syntax valid
+5
Quarantine policy
+12 / 20
Aggregate reporting (rua) not configured
0 / 10
Forensic reporting (ruf) not configured (optional)
0 / 5

Configuration issues detected

DMARC record is valid but no reporting email is configured.

Entry:

v=DMARC1; p=quarantine; adkim=r; aspf=r; rf=afrf;

Without a reporting address (rua), you won't receive aggregate reports from email providers. These reports show who is sending email as your domain and whether authentication passes or fails.

Read more: DMARC policy migration from p=none to p=reject.

Enable Reports Now

Great! You have a DMARC policy in place. Now start receiving reports in your own monitoring inbox to track email authentication results and identify potential issues.

  • Automated DMARC report processing every 5 minutes
  • Track all sending sources and authentication results
  • Email alerts when your DNS records change
Start free monitoring
0

BIMI Check (default selector)

20 / 20 points

Score Breakdown

BIMI record published
+5
BIMI record valid
+5
Logo URL accessible and valid SVG
+5
Verified Mark Certificate (VMC) valid
+5

BIMI Record Found and Looks Good

Current BIMI Entry:

v=BIMI1; l=https://allegro.pl/allegro-bimi.svg; a=https://allegro.pl/allegro-bimi.pem;

Logo URL

https://allegro.pl/allegro-bimi.svg

image/svg+xml

Note: We do not parse SVG content for safety.

Mark Certificate

https://allegro.pl/allegro-bimi.pem

Valid PEM detected

0

SPF Record Check Results

30 / 30 points

Score Breakdown

SPF record published
+10
Syntax valid
+5
Hard fail policy (-all)
+10
No configuration warnings
+5

SPF record is valid.

allegro.pl TXT SPF Entry:

v=spf1 include:_spf.google.com include:spf.tmes.trendmicro.eu include:_spf.salesforce.com ip4:193.23.48.0/24 ip4:193.203.222.0/23 ip4:194.0.251.0/24 ip4:91.194.188.0/23 ip4:91.207.14.0/23 ip4:178.21.152.0/21 ip4:5.134.208.0/21 ip4:185.31.24.0/22 -all

Syntax Check

OK

DNS Lookup Count

4 / 10 max

Root-level mechanisms requiring DNS queries: 3.

Void Lookups

0 / 2 max

Default Policy

-all

Fail: Reject emails from unauthorized servers (recommended for production)

All Authorized IP Addresses

Grouped by DNS record source (includes and sub-includes)

allegro.pl (Root SPF Record)
193.23.48.0/24
193.203.222.0/23
194.0.251.0/24
91.194.188.0/23
91.207.14.0/23
178.21.152.0/21
5.134.208.0/21
185.31.24.0/22

This record also contains:

include:_spf.google.com - Google include:spf.tmes.trendmicro.eu include:_spf.salesforce.com
include:_spf.google.com | Google
74.125.0.0/16
209.85.128.0/17
2001:4860:4864::/56
2404:6800:4864::/56
2607:f8b0:4864::/56
2800:3f0:4864::/56
2a00:1450:4864::/56
2c0f:fb50:4864::/56
include:spf.tmes.trendmicro.eu
18.185.115.0/25
18.185.115.128/26
34.253.238.128/26
34.253.238.192/26
3.72.196.143
18.156.0.20
35.156.245.132
18.208.22.124
18.208.22.125
18.96.32.128/27
2a05:d014:10e:d900::/60

DNS Lookup Details

1
include:
_spf.google.com | Google
Valid

SPF record found

Lookup cost: 0
Included by allegro.pl

TXT Record

v=spf1 ip4:74.125.0.0/16 ip4:209.85.128.0/17 ip6:2001:4860:4864::/56 ip6:2404:6800:4864::/56 ip6:2607:f8b0:4864::/56 ip6:2800:3f0:4864::/56 ip6:2a00:1450:4864::/56 ip6:2c0f:fb50:4864::/56 ~all

Processed recursively per RFC 7208

2
include:
spf.tmes.trendmicro.eu
Valid

SPF record found

Lookup cost: 0
Included by allegro.pl

TXT Record

v=spf1 ip4:18.185.115.0/25 ip4:18.185.115.128/26 ip4:34.253.238.128/26 ip4:34.253.238.192/26 ip4:3.72.196.143 ip4:18.156.0.20 ip4:35.156.245.132 ip4:18.208.22.124 ip4:18.208.22.125 ip4:18.96.32.128/27 ip6:2a05:d014:10e:d900::/60 ~all

Processed recursively per RFC 7208

3
include:
_spf.salesforce.com
Valid

SPF record found

Lookup cost: 1
Included by allegro.pl

TXT Record

v=spf1 exists:%{i}._spf.mta.salesforce.com -all

Processed recursively per RFC 7208

4
exists:
%{i}._spf.mta.salesforce.com
Macro

Dynamic SPF macro - counts as 1 potential lookup when evaluated at delivery time

SPF Macro Variables:

%{i} = sender IP address

This mechanism uses SPF macros that are expanded when an email is received. The actual domain queried depends on the sender's IP address and other connection details.

Lookup cost: 1
0

TLS Security

0 / 10 points

Score Breakdown

TLS-RPT record configured (optional)
0 / 5
MTA-STS policy configured (optional)
0 / 5

TLS-RPT (Reporting)

TLS-RPT Not Configured

Publish a TXT record at _smtp._tls.allegro.pl with v=TLSRPTv1 and reporting URI (rua=).

MTA-STS (Policy)

MTA-STS Not Configured

Publish a TXT record at _mta-sts.allegro.pl with v=STSv1 and policy ID (id=).

Protect inbound transport

You've checked your outbound authentication. But without MTA-STS and TLS-RPT, mail delivered to allegro.pl isn't protected against transport downgrade attacks. Receiver Shield helps you deploy, monitor, and safely enforce transport security.

Start Monitoring

Know when your DNS records change

The check you just ran shows your current configuration. But DNS records change, sometimes without you knowing. A well-meaning IT change, a third-party provider update, or an unauthorized modification can break your email delivery overnight.

Configuration Drift

IT changes that accidentally break authentication

Provider Updates

Third-party services changing their SPF includes

Unauthorized Changes

Attackers modifying records to send as you

DMARCTrust monitors your DNS records continuously. When something changes, you get an email alert with exactly what changed and why it matters. No more surprises when customers complain their emails bounced.

Monitor allegro.pl free

Email Security Configuration

How allegro.pl configures email authentication

DMARC Domain Policy
Configured
v=DMARC1; p=quarantine; adkim=r; aspf=r; rf=afrf;
p=quarantine DKIM: relaxed SPF: relaxed
SPF Sender Authorization
Configured
v=spf1 include:_spf.google.com include:spf.tmes.trendmicro.eu include:_spf.salesforce.com ip4:193.23.48.0/24 ip4:193.203.222.0/23 ip4:194.0.251.0/24 ip4:91.194.188.0/23 ip4:91.207.14.0/23 ip4:178.21.152.0/21 ip4:5.134.208.0/21 ip4:185.31.24.0/22 -all
-all 3 includes 8 IPs
BIMI Brand Indicator
Configured
v=BIMI1; l=https://allegro.pl/allegro-bimi.svg; a=https://allegro.pl/allegro-bimi.pem;
Logo configured VMC certificate

Change History

Warning SPF modified February 13, 2026

New SPF include added: spf.tmes.trendmicro.eu

Before v=spf1 include:_spf.google.com include:spf.tmes.trendmicro.com include:_spf.salesforce.com ip4:193.23.48.0/24 ip4:193.203.222.0/23 ip4:194.0.251.0/24 ip4:91.194.188.0/23 ip4:91.207.14.0/23 ip4:178.21.152.0/21 ip4:5.134.208.0/21 ip4:185.31.24.0/22 -all
After v=spf1 include:_spf.google.com include:spf.tmes.trendmicro.eu include:_spf.salesforce.com ip4:193.23.48.0/24 ip4:193.203.222.0/23 ip4:194.0.251.0/24 ip4:91.194.188.0/23 ip4:91.207.14.0/23 ip4:178.21.152.0/21 ip4:5.134.208.0/21 ip4:185.31.24.0/22 -all
Monitoring started January 10, 2026

Check Another Domain

Run a free email authentication check (DMARC, SPF, BIMI).

We will generate a shareable URL for your domain.

Try popular examples: google.com, amazon.com, booking.com

Explore other domains

Discover how other organizations configure their email authentication

Popular Domains

Frequently checked

Well-Configured

Reject policy + valid SPF

Same Policy

Also using quarantine

Showing domains checked by our users. All data is from public DNS records.

About This Checker

What we check

We analyze your domain's email authentication: DMARC policy and alignment, SPF record and includes, and BIMI logo and certificate status when present.

Why it matters

Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly expect DMARC and aligned SPF/DKIM from senders.

Included features

  • DMARC syntax, policy, and reporting validation
  • SPF record evaluation and include analysis
  • DKIM/SPF alignment interpretation
  • BIMI record and VMC detection
  • Clear setup and remediation guidance

Monitor your email authentication 24/7

This check shows a snapshot. With DMARCTrust, you get continuous monitoring of your DMARC reports and DNS records, with instant alerts when something changes.

Start monitoring allegro.pl View Plans