Beep beep... Loading...
Beep beep... Loading...
A comprehensive guide to our email security assessment system
Your domain has proper email authentication and security measures in place. This includes:
Basic protections are in place but improvements are recommended. Common scenarios include:
Missing essential email security measures. Immediate action recommended. Issues include:
Our email health check performs several tests to evaluate your domain's email security configuration. Each test checks compliance with specific email authentication standards and best practices.
Mail Exchange (MX) records specify which mail servers accept incoming email for your domain.
Without valid MX records, your domain cannot receive email. Having multiple mail servers with appropriate priority settings ensures email delivery even if the primary server is unavailable.
SPF allows domain owners to specify which mail servers are authorized to send email on behalf of their domain.
SPF helps prevent email spoofing by allowing receiving mail servers to verify whether incoming mail from your domain comes from an authorized source. This helps prevent phishing attacks and improves email deliverability.
DKIM adds a digital signature to your emails that verifies they were sent by an authorized sender and weren't tampered with in transit.
DKIM signatures provide cryptographic proof that an email was sent by an authorized sender and wasn't modified in transit. This helps prevent email forgery and builds sender reputation.
Since DKIM selectors can be customized, our automated tests may not find all records. Use this tool to check specific selectors for your domain.
DMARC ties SPF and DKIM together with a policy that tells receiving servers what to do with messages that fail authentication.
DMARC provides clear instructions to receiving mail servers about how to handle messages that fail SPF or DKIM checks. It also enables reporting, giving you visibility into email authentication failures and potential abuse.
MTA-STS is a security standard that enables mail servers to ensure their communication is secure and not susceptible to downgrade attacks.
MTA-STS ensures that email is only delivered over secure, encrypted connections. This prevents attackers from intercepting or modifying email in transit through man-in-the-middle attacks.
TLS-RPT enables reporting of TLS connection problems, allowing you to monitor failures in encrypted email delivery to your domain.
TLS-RPT complements MTA-STS by providing reporting capabilities for TLS connection failures. This helps identify issues with your TLS configuration, certificate problems, or attempted downgrade attacks.
When implementing email authentication, we recommend following this order to gradually build up your domain's email security.
Get an instant assessment of your email security configuration.
Run Email Health Check