Email authentication check

oikotop.com

This check reviews the domain's email authentication setup to help protect against spoofing and phishing.

All data is public, sourced from DNS Last checked 44 minutes ago
At risk

oikotop.com has authentication gaps that can expose the domain to spoofing.

Start by publishing valid SPF and DMARC records, then add reporting and optional brand or transport protections.

55 out of 110
0 of 4 checks passed
DMARC 29 / 50 · Optional SPF 26 / 30 · Optional BIMI 0 / 20 · Optional TLS 0 / 10 · Optional
Last checked 44 minutes ago
Compare with other domains

DMARC

Optional

Domain-based Message Authentication

29 / 50

Monitor-only policy published

DMARC record is valid and configured correctly.

_dmarc.oikotop.com TXT
v=DMARC1; p=none; rua=mailto:[email protected]

Score breakdown

  • DMARC record published +10
  • Syntax valid +5
  • None policy (monitoring only) +4
  • Aggregate reporting (rua) configured and verified +10
  • Failure reporting (ruf) not configured (optional) 0 / 5

Configuration

Policy (p)
none
DKIM alignment (adkim)
Relaxed (default)
SPF alignment (aspf)
Relaxed (default)
Subdomain policy (sp)
Inherits p=none

Reporting (RUA / RUF)

Aggregate reports Passed
mailto:[email protected]
External domain verification successful
Failure reports Optional
Not configured
Optional failure reporting is not configured
Monitor-only policy (p=none)
This record monitors authentication failures but does not ask receivers to block them, so security scanners and compliance checks often report it as "policy not enabled". Once your reports show legitimate mail is aligned, move to quarantine or reject.
How to fix DMARC policy not enabled

SPF

Optional

Sender Policy Framework

26 / 30

SPF record is valid

SPF record is valid and complies with RFC 7208.

oikotop.com TXT
v=spf1 include:_spf.perfora.net include:_spf-eu.ionos.com include:_spf.kundenserver.de ~all

Score breakdown

  • SPF record published +10
  • Syntax valid +5
  • Soft fail policy (~all) +6
  • No configuration warnings +5

Configuration

Default policy
~all (soft fail)
DNS lookups
3 / 10 max
Void lookups
0 / 2 max
Syntax check
OK

DNS lookup detail

Each mechanism that may trigger a DNS query at delivery time.

1 include: _spf.perfora.net Valid

SPF record found

v=spf1 ip4:74.208.4.192/26 ip4:82.165.159.128/27 -all

Processed recursively per RFC 7208

2 include: _spf-eu.ionos.com Valid

SPF record found

v=spf1 ip4:212.227.126.128/25 ip4:82.165.159.0/26 ip4:212.227.15.0/25 ip4:212.227.17.0/27 ip4:217.72.192.64/26 ip4:212.227.25.128/25 ip6:2001:8d8:5c2::/64 ip6:2001:8d8:5c5::/64 ?all

Processed recursively per RFC 7208

3 include: _spf.kundenserver.de Valid

SPF record found

v=spf1 ip4:212.227.126.128/25 ip4:82.165.159.0/26 ip4:212.227.15.0/25 ip4:212.227.17.0/27 ip4:217.72.192.64/26 -all

Processed recursively per RFC 7208

Authorized IP addresses

include:_spf.perfora.net

74.208.4.192/26 82.165.159.128/27

include:_spf-eu.ionos.com

212.227.126.128/25 82.165.159.0/26 212.227.15.0/25 212.227.17.0/27 217.72.192.64/26 212.227.25.128/25 2001:8d8:5c2::/64 2001:8d8:5c5::/64

include:_spf.kundenserver.de

212.227.126.128/25 82.165.159.0/26 212.227.15.0/25 212.227.17.0/27 217.72.192.64/26

BIMI

Optional

Brand Indicators for Message Identification

0 / 20

No BIMI record published

No BIMI record found for selector 'default'.

Score breakdown

  • BIMI record published (optional) 0 / 5

Configuration

Logo (l)
Not configured
Mark certificate (a)
Not configured
Selector
default
Note
SVG content is not parsed, for safety
BIMI is optional
BIMI usually matters after DMARC enforcement is working. Use it for brand display, not as a replacement for SPF or DMARC.

TLS

Optional

Transport security · MTA-STS & TLS-RPT

0 / 10

Inbound transport protection not fully configured

MTA-STS and TLS-RPT are optional, but they protect inbound mail against transport downgrade attacks and give visibility into TLS delivery failures.

Score breakdown

  • TLS-RPT record configured (optional) 0 / 5
  • MTA-STS policy configured (optional) 0 / 5

Configuration

TLS-RPT
Not configured
MTA-STS
Not configured

Transport checks

TLS-RPT (reporting) Not configured

No TLS-RPT record found.

MTA-STS (policy) Not configured

No MTA-STS record found.

Protect inbound transport

Receiver Shield helps deploy, monitor, and safely enforce MTA-STS and TLS-RPT for oikotop.com.

Start monitoring

oikotop.com has a DMARC record in monitor-only mode (p=none), which tracks authentication failures without blocking them. SPF is published with a soft fail policy (~all), flagging unauthorized senders without blocking them. oikotop.com's email authentication needs attention to reduce spoofing risk.

Keep oikotop.com protected automatically

This check is a snapshot. DNS records drift when providers change, teams edit records, or unauthorized changes slip in. DMARCTrust watches the same authentication layer continuously and tells you when something moves.

DMARC report processing

Aggregate and failure DMARC reports are received, parsed, and turned into sender visibility without manual XML handling.

DNS change alerts

DNS checks run every 5 minutes for monitored domains, with email alerts when DMARC, SPF, BIMI, TLS-RPT, or MTA-STS records change.

Receiver Shield for inbound

Deploy, host, and safely enforce MTA-STS and TLS-RPT when this checker finds an inbound transport gap.

Start monitoring oikotop.com View plans First checked 16 days ago

Check another domain

Run a free email authentication check: DMARC, SPF, BIMI, TLS-RPT, and MTA-STS.

Try a popular example: google.com, amazon.com, booking.com
Explore

How other domains configure email authentication

Showing domains checked by our users. All data is from public DNS records.

Popular domains

Frequently checked

Well configured

Reject policy + valid SPF

Same policy

Also using none

What we check

DMARC policy and alignment, SPF record and includes, BIMI logo and certificate, and inbound transport security with MTA-STS and TLS-RPT.

Why it matters

Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly expect DMARC and aligned SPF or DKIM from senders.

What you get

Syntax, policy, reporting validation, include analysis, alignment interpretation, and clear setup guidance for every result.