Email Authentication Check

mit.edu

This check reviews your domain's email authentication setup to help protect against spoofing and phishing.

DMARC SPF BIMI TLS-RPT MTA-STS

All data shown is public and sourced from DNS.

Last checked about 11 hours ago

0 out of 110
Good

mit.edu domain score

Your domain has basic email authentication in place. Consider strengthening your configuration for better protection.

SPF
Sender Policy Framework
30 / 30
DMARC
Domain-based Message Authentication
29 / 50
BIMI
Brand Indicators for Message Identification
0 / 20
TLS
TLS Security (MTA-STS & TLS-RPT)
0 / 10

Top Recommendation

+16

Upgrade DMARC policy to quarantine or reject for stronger protection

DMARC improvement

mit.edu has a DMARC record in monitor-only mode (p=none), which tracks authentication failures without blocking them. SPF is correctly configured with a strict policy (-all), specifying which servers may send on its behalf. A few improvements would strengthen mit.edu's email authentication posture.

Curious how this compares? See the DMARC posture of the top 100 domains.

0

DMARC Check Results

29 / 50 points

Score Breakdown

DMARC record published
+10
Syntax valid
+5
None policy (monitoring only)
+4 / 20
Aggregate reporting (rua) configured and verified
+10
Forensic reporting (ruf) not configured (optional)
0 / 5

DMARC check passed: properly configured

DMARC record is valid and configured correctly.

_dmarc.mit.edu TXT Entry:

v=DMARC1; p=none; rua=mailto:[email protected]

Policy (p)

none

DKIM Alignment (adkim)

Relaxed (default)

SPF Alignment (aspf)

Relaxed (default)

Reporting (RUA/RUF)

Aggregate Reports

Configured
[email protected]
Learn more about aggregate reports →

Forensic Reports

Not Configured
Learn more about forensic reports →

Add Our Monitoring System

You can add our monitoring system alongside your existing setup. DMARC supports multiple mailto: addresses, giving you additional visibility and backup reporting.

  • Automated DMARC report processing every 5 minutes
  • Track all sending sources and authentication results
  • Email alerts when your DNS records change
Start free monitoring
0

BIMI Check (default selector)

0 / 20 points

Score Breakdown

BIMI record published (optional)
0 / 5

No BIMI Record Found

Publish a TXT record at default._bimi.mit.edu with v=BIMI1, logo URL (l=) and optional verified mark certificate (a=).

Create BIMI Record for mit.edu
0

SPF Record Check Results

30 / 30 points

Score Breakdown

SPF record published
+10
Syntax valid
+5
Hard fail policy (-all)
+10
No configuration warnings
+5

SPF record is valid.

mit.edu TXT SPF Entry:

v=spf1 include:_s00430413.autospf.email -all

Syntax Check

OK

DNS Lookup Count

10 / 10 max

Close to RFC limit!

SPF Optimizer keeps you safe as you add services.

Read more: SPF errors and the 10-lookup limit.

Root-level mechanisms requiring DNS queries: 1.

Void Lookups

0 / 2 max

Default Policy

-all

Fail: Reject emails from unauthorized servers (recommended for production)

All Authorized IP Addresses

Grouped by DNS record source (includes and sub-includes)

include:_s00430413.autospf.email
3.99.6.92
52.61.91.9
69.72.41.2
52.42.20.3
62.23.85.10
18.9.1.0/24
69.72.41.28
52.101.9.21
52.101.40.6
207.54.75.14
207.54.75.15
207.54.75.16
142.0.177.24
142.0.187.58
52.222.73.83
52.222.62.51
52.222.75.85
160.1.62.192
15.200.21.50
18.7.16.0/24
18.7.21.0/24
18.7.34.0/24
18.7.62.0/24
18.7.68.0/24

This record also contains:

include:_s004304130.autospf.email
include:_s004304130.autospf.email
18.7.71.0/24
18.9.21.0/24
18.9.25.0/24
18.9.28.0/24
74.112.64.38
129.41.172.4
69.72.32.253
69.72.47.188
69.72.34.120
69.72.45.120
12.228.6.215
52.45.50.190
52.31.29.196
52.60.142.64
13.237.94.13
54.66.240.63
40.92.0.0/15
52.5.134.202
52.101.41.58
52.101.41.54
154.62.6.0/24
207.54.83.136
207.54.83.137

This record also contains:

include:_s004304131.autospf.email
include:_s004304131.autospf.email
207.54.83.138
69.20.119.219
63.32.240.193
52.19.113.120
74.125.0.0/16
52.222.89.228
15.200.44.248
139.60.0.0/22
74.112.65.118
208.85.54.226
129.41.172.69
13.111.0.0/16
143.55.237.88
167.89.0.0/17
50.31.32.0/19
198.21.0.0/21
149.72.0.0/16
52.76.190.252
3.218.253.173
35.160.78.215
54.195.228.99
40.172.14.241

This record also contains:

include:_s004304132.autospf.email
include:_s004304132.autospf.email
40.107.0.0/16
52.100.0.0/15
52.102.0.0/16
52.103.0.0/17
104.47.0.0/17
34.251.228.195
142.0.176.0/20
69.48.230.0/25
20.96.12.43/32
20.1.130.13/32
98.97.248.0/21
64.69.212.0/24
15.200.201.185
159.183.195.16
143.55.237.127
143.55.237.162
143.55.237.120
185.12.80.0/22
216.198.0.0/18
168.245.0.0/17
159.183.0.0/16

This record also contains:

include:_s004304133.autospf.email
include:_s004304133.autospf.email
13.215.187.237
40.172.175.158
45.14.148.0/22
20.1.128.197/32
20.10.24.226/32
209.85.128.0/17
139.60.152.0/22
198.187.196.100
198.187.196.130
198.245.81.0/24
159.135.226.248
159.135.233.165
12.228.6.215/32
208.117.48.0/20
198.37.144.0/20
134.128.64.0/19
134.128.96.0/19
87.253.232.0/21
69.20.119.216/29
76.12.109.192/27

This record also contains:

include:_s004304134.autospf.email
include:_s004304134.autospf.email
67.59.141.128/28
70.42.227.151/32
70.42.227.152/32
20.114.186.35/32
162.247.216.0/22
52.222.73.120/32
139.146.160.0/25
136.147.176.0/24
136.147.182.0/24
136.147.135.0/24
199.122.123.0/24
103.151.192.0/23
188.172.128.0/20
192.161.144.0/20
192.254.112.0/20
223.165.113.0/24
223.165.115.0/24
223.165.118.0/23
223.165.120.0/23

This record also contains:

include:_s004304135.autospf.email
include:_s004304135.autospf.email
185.189.236.0/22
185.211.120.0/22
185.250.236.0/22
209.41.176.224/28
20.119.174.191/32
20.230.106.230/32
20.119.207.133/32
54.186.193.102/32
204.232.162.112/28
204.232.180.112/29
204.232.180.128/29
139.146.146.128/25
2800:3f0:4864::/56
2a01:111:f400::/48
2a01:111:f403::/49
2001:4860:4864::/56
2404:6800:4864::/56

This record also contains:

include:_s004304136.autospf.email
include:_s004304136.autospf.email
2607:f8b0:4864::/56
2a00:1450:4864::/56
2c0f:fb50:4864::/56
2a01:111:f403:f913::
2a01:111:f403:f908::2
2a01:111:f403:f804::2
2a01:111:f403:c946::2
2a01:111:f403:8000::/51
2a01:111:f403:c000::/51
2a01:111:f403:f000::/52

DNS Lookup Details

1
include:
_s00430413.autospf.email
Valid

SPF record found

Lookup cost: 1
Included by mit.edu

TXT Record

v=spf1 ip4:3.99.6.92 ip4:52.61.91.9 ip4:69.72.41.2 ip4:52.42.20.3 ip4:62.23.85.10 ip4:18.9.1.0/24 ip4:69.72.41.28 ip4:52.101.9.21 ip4:52.101.40.6 ip4:207.54.75.14 ip4:207.54.75.15 ip4:207.54.75.16 ip4:142.0.177.24 ip4:142.0.187.58 ip4:52.222.73.83 ip4:52.222.62.51 ip4:52.222.75.85 ip4:160.1.62.192 ip4:15.200.21.50 ip4:18.7.16.0/24 ip4:18.7.21.0/24 ip4:18.7.34.0/24 ip4:18.7.62.0/24 ip4:18.7.68.0/24 include:_s004304130.autospf.email -all

Processed recursively per RFC 7208

2
include:
_s004304130.autospf.email
Valid

SPF record found

Lookup cost: 1
Included by _s00430413.autospf.email

TXT Record

v=spf1 ip4:18.7.71.0/24 ip4:18.9.21.0/24 ip4:18.9.25.0/24 ip4:18.9.28.0/24 ip4:74.112.64.38 ip4:129.41.172.4 ip4:69.72.32.253 ip4:69.72.47.188 ip4:69.72.34.120 ip4:69.72.45.120 ip4:12.228.6.215 ip4:52.45.50.190 ip4:52.31.29.196 ip4:52.60.142.64 ip4:13.237.94.13 ip4:54.66.240.63 ip4:40.92.0.0/15 ip4:52.5.134.202 ip4:52.101.41.58 ip4:52.101.41.54 ip4:154.62.6.0/24 ip4:207.54.83.136 ip4:207.54.83.137 include:_s004304131.autospf.email -all

Processed recursively per RFC 7208

3
include:
_s004304131.autospf.email
Valid

SPF record found

Lookup cost: 1
Included by _s004304130.autospf.email

TXT Record

v=spf1 ip4:207.54.83.138 ip4:69.20.119.219 ip4:63.32.240.193 ip4:52.19.113.120 ip4:74.125.0.0/16 ip4:52.222.89.228 ip4:15.200.44.248 ip4:139.60.0.0/22 ip4:74.112.65.118 ip4:208.85.54.226 ip4:129.41.172.69 ip4:13.111.0.0/16 ip4:143.55.237.88 ip4:167.89.0.0/17 ip4:50.31.32.0/19 ip4:198.21.0.0/21 ip4:149.72.0.0/16 ip4:52.76.190.252 ip4:3.218.253.173 ip4:35.160.78.215 ip4:54.195.228.99 ip4:40.172.14.241 include:_s004304132.autospf.email -all

Processed recursively per RFC 7208

4
include:
_s004304132.autospf.email
Valid

SPF record found

Lookup cost: 1
Included by _s004304131.autospf.email

TXT Record

v=spf1 ip4:40.107.0.0/16 ip4:52.100.0.0/15 ip4:52.102.0.0/16 ip4:52.103.0.0/17 ip4:104.47.0.0/17 ip4:34.251.228.195 ip4:142.0.176.0/20 ip4:69.48.230.0/25 ip4:20.96.12.43/32 ip4:20.1.130.13/32 ip4:98.97.248.0/21 ip4:64.69.212.0/24 ip4:15.200.201.185 ip4:159.183.195.16 ip4:143.55.237.127 ip4:143.55.237.162 ip4:143.55.237.120 ip4:185.12.80.0/22 ip4:216.198.0.0/18 ip4:168.245.0.0/17 ip4:159.183.0.0/16 include:_s004304133.autospf.email -all

Processed recursively per RFC 7208

5
include:
_s004304133.autospf.email
Valid

SPF record found

Lookup cost: 1
Included by _s004304132.autospf.email

TXT Record

v=spf1 ip4:13.215.187.237 ip4:40.172.175.158 ip4:45.14.148.0/22 ip4:20.1.128.197/32 ip4:20.10.24.226/32 ip4:209.85.128.0/17 ip4:139.60.152.0/22 ip4:198.187.196.100 ip4:198.187.196.130 ip4:198.245.81.0/24 ip4:159.135.226.248 ip4:159.135.233.165 ip4:12.228.6.215/32 ip4:208.117.48.0/20 ip4:198.37.144.0/20 ip4:134.128.64.0/19 ip4:134.128.96.0/19 ip4:87.253.232.0/21 ip4:69.20.119.216/29 ip4:76.12.109.192/27 include:_s004304134.autospf.email -all

Processed recursively per RFC 7208

6
include:
_s004304134.autospf.email
Valid

SPF record found

Lookup cost: 1
Included by _s004304133.autospf.email

TXT Record

v=spf1 ip4:67.59.141.128/28 ip4:70.42.227.151/32 ip4:70.42.227.152/32 ip4:20.114.186.35/32 ip4:162.247.216.0/22 ip4:52.222.73.120/32 ip4:139.146.160.0/25 ip4:136.147.176.0/24 ip4:136.147.182.0/24 ip4:136.147.135.0/24 ip4:199.122.123.0/24 ip4:103.151.192.0/23 ip4:188.172.128.0/20 ip4:192.161.144.0/20 ip4:192.254.112.0/20 ip4:223.165.113.0/24 ip4:223.165.115.0/24 ip4:223.165.118.0/23 ip4:223.165.120.0/23 include:_s004304135.autospf.email -all

Processed recursively per RFC 7208

7
include:
_s004304135.autospf.email
Valid

SPF record found

Lookup cost: 1
Included by _s004304134.autospf.email

TXT Record

v=spf1 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:209.41.176.224/28 ip4:20.119.174.191/32 ip4:20.230.106.230/32 ip4:20.119.207.133/32 ip4:54.186.193.102/32 ip4:204.232.162.112/28 ip4:204.232.180.112/29 ip4:204.232.180.128/29 ip6:2800:3f0:4864::/56 ip4:139.146.146.128/25 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2001:4860:4864::/56 ip6:2404:6800:4864::/56 include:_s004304136.autospf.email -all

Processed recursively per RFC 7208

8
include:
_s004304136.autospf.email
Valid

SPF record found

Lookup cost: 2
Included by _s004304135.autospf.email

TXT Record

v=spf1 ip6:2607:f8b0:4864::/56 ip6:2a00:1450:4864::/56 ip6:2c0f:fb50:4864::/56 ip6:2a01:111:f403:f913:: ip6:2a01:111:f403:f908::2 ip6:2a01:111:f403:f804::2 ip6:2a01:111:f403:c946::2 ip6:2a01:111:f403:8000::/51 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 exists:%{i}._spf.mta.salesforce.com exists:%{i}._spf.sparkpostmail.com -all

Processed recursively per RFC 7208

9
exists:
%{i}._spf.mta.salesforce.com
Macro

Dynamic SPF macro - counts as 1 potential lookup when evaluated at delivery time

SPF Macro Variables:

%{i} = sender IP address

This mechanism uses SPF macros that are expanded when an email is received. The actual domain queried depends on the sender's IP address and other connection details.

Lookup cost: 1
10
exists:
%{i}._spf.sparkpostmail.com
Macro

Dynamic SPF macro - counts as 1 potential lookup when evaluated at delivery time

SPF Macro Variables:

%{i} = sender IP address

This mechanism uses SPF macros that are expanded when an email is received. The actual domain queried depends on the sender's IP address and other connection details.

Lookup cost: 1
0

TLS Security

0 / 10 points

Score Breakdown

TLS-RPT record configured (optional)
0 / 5
MTA-STS policy configured (optional)
0 / 5

TLS-RPT (Reporting)

TLS-RPT Not Configured

Publish a TXT record at _smtp._tls.mit.edu with v=TLSRPTv1 and reporting URI (rua=).

MTA-STS (Policy)

MTA-STS Not Configured

Publish a TXT record at _mta-sts.mit.edu with v=STSv1 and policy ID (id=).

Protect inbound transport

You've checked your outbound authentication. But without MTA-STS and TLS-RPT, mail delivered to mit.edu isn't protected against transport downgrade attacks. Receiver Shield helps you deploy, monitor, and safely enforce transport security.

Start Monitoring

Know when your DNS records change

The check you just ran shows your current configuration. But DNS records change, sometimes without you knowing. A well-meaning IT change, a third-party provider update, or an unauthorized modification can break your email delivery overnight.

Configuration Drift

IT changes that accidentally break authentication

Provider Updates

Third-party services changing their SPF includes

Unauthorized Changes

Attackers modifying records to send as you

DMARCTrust monitors your DNS records continuously. When something changes, you get an email alert with exactly what changed and why it matters. No more surprises when customers complain their emails bounced.

Monitor mit.edu free

Email Security Configuration

How mit.edu configures email authentication

DMARC Domain Policy
Configured
v=DMARC1; p=none; rua=mailto:[email protected]
p=none DKIM: relaxed SPF: relaxed Reports enabled
SPF Sender Authorization
Configured
v=spf1 include:_s00430413.autospf.email -all
-all 1 include
BIMI Brand Indicator
Not set
No BIMI record configured for this domain

Change History

Monitoring started April 06, 2026

Configuration changes will appear here when detected

Check Another Domain

Run a free email authentication check (DMARC, SPF, BIMI).

We will generate a shareable URL for your domain.

Try popular examples: google.com, amazon.com, booking.com

Explore other domains

Discover how other organizations configure their email authentication

Popular Domains

Frequently checked

Well-Configured

Reject policy + valid SPF

Same Policy

Also using none

Showing domains checked by our users. All data is from public DNS records.

About This Checker

What we check

We analyze your domain's email authentication: DMARC policy and alignment, SPF record and includes, and BIMI logo and certificate status when present.

Why it matters

Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly expect DMARC and aligned SPF/DKIM from senders.

Included features

  • DMARC syntax, policy, and reporting validation
  • SPF record evaluation and include analysis
  • DKIM/SPF alignment interpretation
  • BIMI record and VMC detection
  • Clear setup and remediation guidance

Monitor your email authentication 24/7

This check shows a snapshot. With DMARCTrust, you get continuous monitoring of your DMARC reports and DNS records, with instant alerts when something changes.

Start monitoring mit.edu View Plans