NextlyTools
Security Tools

Email Security Checker

Analyze SPF, DMARC, DKIM, MTA-STS and full anti-spoofing posture for any domain.

Try: gmail.com microsoft.com cloudflare.com
77 C
Moderate risk
SPF
100
DMARC
100
DKIM
45
DNS Sec
50
microsoft.com scored 77/100 (C). ✓ Strong protection against domain spoofing and BEC attacks. DKIM active on 2 selector(s). MTA-STS enforced.
SPF Authentication
100/100
A+
  • SPF record is properly configured
  • SPF uses -all — strong reject policy
v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com includ...
DMARC Policy
100/100
A+
  • Policy p=reject — full spoofing protection active
  • Aggregate reports (rua) configured
p=reject pct=100% rua ✓
DKIM Signing
45/100
F
  • DKIM active with selector(s): selector2, selector1
  • Selector selector2: RSA 1024-bit key — upgrade to 2048-bit
  • Selector selector1: RSA 1024-bit key — upgrade to 2048-bit
selector2 selector1
MX & Mail Routing
80/100
B
  • 1 MX record(s) found
  • Priority 10: microsoft-com.mail.protection.outlook.com
MTA-STS
100/100
Enabled
  • MTA-STS enabled, mode: enforce
  • Policy file accessible
TLS-RPT
100/100
Configured
  • TLS-RPT configured — TLS failure reporting enabled
BIMI Brand
0/100
Optional
  • BIMI not configured (optional — requires p=reject DMARC first)
DNS Security
50/100
F
  • DNSSEC not configured — DNS spoofing possible
  • CAA records configured — certificate issuance restricted

Prioritized recommendations

Low
Consider BIMI for brand visibility
BIMI displays your logo in Gmail, Yahoo and other clients. Requires p=reject DMARC first.
default._bimi.yourdomain.com TXT "v=BIMI1; l=https://yourdomain.com/logo.svg"