Email Authentication Check

dmarctrust.com

This check reviews your domain's email authentication setup to help protect against spoofing and phishing.

DMARC SPF BIMI TLS-RPT MTA-STS

All data shown is public and sourced from DNS.

Last checked about 1 hour ago

0 out of 110
Very Good

dmarctrust.com domain score

Your domain has strong email authentication. A few improvements can get you to a perfect score.

SPF
Sender Policy Framework
30 / 30
DMARC
Domain-based Message Authentication
42 / 50
BIMI
Brand Indicators for Message Identification
15 / 20
TLS
TLS Security (MTA-STS & TLS-RPT)
10 / 10

Top Recommendation

+8

Upgrade DMARC policy to reject for stronger protection

DMARC improvement

dmarctrust.com has a DMARC quarantine policy, directing unauthenticated emails to spam. SPF is correctly configured with a strict policy (-all), specifying which servers may send on its behalf. Overall, dmarctrust.com has solid email authentication with room for minor improvements.

Curious how this compares? See the DMARC posture of the top 100 domains.

0

DMARC Check Results

42 / 50 points

Score Breakdown

DMARC record published
+10
Syntax valid
+5
Quarantine policy
+12 / 20
Aggregate reporting (rua) configured and verified
+10
Forensic reporting (ruf) configured
+5

DMARC check passed: properly configured

DMARC record is valid and configured correctly.

_dmarc.dmarctrust.com TXT Entry:

v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; adkim=s; aspf=s;

Policy (p)

quarantine

DKIM Alignment (adkim)

Strict (s)

SPF Alignment (aspf)

Strict (s)

Understanding alignment modes

DKIM Alignment (adkim)

Strict mode: The DKIM signature's domain must exactly match the "From" header domain.

SPF Alignment (aspf)

Strict mode: The SPF "Return-Path" domain must exactly match the "From" header domain.

Note: When alignment parameters are not specified, DMARC defaults to relaxed mode for both DKIM and SPF alignment.

Reporting (RUA/RUF)

Aggregate Reports

Configured
[email protected]
Learn more about aggregate reports →

Forensic Reports

Configured
[email protected]
Learn more about forensic reports →
0

BIMI Check (default selector)

15 / 20 points

Score Breakdown

BIMI record published
+5
BIMI record valid
+5
Logo URL accessible and valid SVG
+5
No VMC certificate configured (optional)
0 / 5

BIMI Record Found and Looks Good

Current BIMI Entry:

v=BIMI1; l=https://www.dmarctrust.com/icon_tiny_ps-2.svg

Logo URL

https://www.dmarctrust.com/icon_tiny_ps-2.svg

image/svg+xml

Note: We do not parse SVG content for safety.

Mark Certificate

No certificate URL provided (a=). Optional when using self-asserted logos.

0

SPF Record Check Results

30 / 30 points

Score Breakdown

SPF record published
+10
Syntax valid
+5
Hard fail policy (-all)
+10
No configuration warnings
+5

SPF record is valid.

dmarctrust.com TXT SPF Entry:

v=spf1 include:_spf.mx.cloudflare.net include:_spf.tem.scaleway.com include:spf.messagingengine.com -all

Syntax Check

OK

DNS Lookup Count

3 / 10 max

Void Lookups

0 / 2 max

Default Policy

-all

Fail: Reject emails from unauthorized servers (recommended for production)

All Authorized IP Addresses

Grouped by DNS record source (includes and sub-includes)

include:_spf.mx.cloudflare.net
104.30.0.0/19
2405:8100:c000::/38
include:_spf.tem.scaleway.com
62.210.3.0/24
51.159.124.109/32
51.159.124.110/32
2001:bc8:1000:100::/56
2001:bc8:1000:200::/56
2001:bc8:702:10be::/64
2001:bc8:702:11a1::/64
include:spf.messagingengine.com | FastMail
103.168.172.128/27
202.12.124.128/27

DNS Lookup Details

1
include:
_spf.mx.cloudflare.net
Valid

SPF record found

Lookup cost: 0
Included by dmarctrust.com

TXT Record

v=spf1 ip4:104.30.0.0/19 ip6:2405:8100:c000::/38 ~all

Processed recursively per RFC 7208

2
include:
_spf.tem.scaleway.com
Valid

SPF record found

Lookup cost: 0
Included by dmarctrust.com

TXT Record

v=spf1 ip4:62.210.3.0/24 ip6:2001:bc8:1000:100::/56 ip6:2001:bc8:1000:200::/56 ip4:51.159.124.109/32 ip4:51.159.124.110/32 ip6:2001:bc8:702:10be::/64 ip6:2001:bc8:702:11a1::/64 ~all

Processed recursively per RFC 7208

3
include:
spf.messagingengine.com | FastMail
Valid

SPF record found

Lookup cost: 0
Included by dmarctrust.com

TXT Record

v=spf1 ip4:103.168.172.128/27 ip4:202.12.124.128/27 -all

Processed recursively per RFC 7208

0

TLS Security

10 / 10 points

Score Breakdown

TLS-RPT record configured
+5
MTA-STS policy configured
+5

TLS-RPT (Reporting)

TLS-RPT Reporting Configured

Current TLS-RPT Entry:

v=TLSRPTv1; rua=mailto:[email protected]

Reporting URIs:

mailto:[email protected]

MTA-STS (Policy)

MTA-STS Policy Configured

Current MTA-STS Entry:

v=STSv1; id=2e7777b0240786db;

Policy ID:

2e7777b0240786db

Know when your DNS records change

The check you just ran shows your current configuration. But DNS records change, sometimes without you knowing. A well-meaning IT change, a third-party provider update, or an unauthorized modification can break your email delivery overnight.

Configuration Drift

IT changes that accidentally break authentication

Provider Updates

Third-party services changing their SPF includes

Unauthorized Changes

Attackers modifying records to send as you

DMARCTrust monitors your DNS records continuously. When something changes, you get an email alert with exactly what changed and why it matters. No more surprises when customers complain their emails bounced.

Start Monitoring

Check Another Domain

Run a free email authentication check (DMARC, SPF, BIMI).

We will generate a shareable URL for your domain.

Try popular examples: google.com, amazon.com, booking.com

Explore other domains

Discover how other organizations configure their email authentication

Popular Domains

Frequently checked

Well-Configured

Reject policy + valid SPF

Same Policy

Also using quarantine

Showing domains checked by our users. All data is from public DNS records.

About This Checker

What we check

We analyze your domain's email authentication: DMARC policy and alignment, SPF record and includes, and BIMI logo and certificate status when present.

Why it matters

Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly expect DMARC and aligned SPF/DKIM from senders.

Included features

  • DMARC syntax, policy, and reporting validation
  • SPF record evaluation and include analysis
  • DKIM/SPF alignment interpretation
  • BIMI record and VMC detection
  • Clear setup and remediation guidance

Monitor your email authentication 24/7

This check shows a snapshot. With DMARCTrust, you get continuous monitoring of your DMARC reports and DNS records, with instant alerts when something changes.

Start Monitoring Now View Plans