Verdict
-
-
Records we checked
Each record, in business terms - with the copy-ready fix and the raw evidence one tap away.
DKIM - didn't find a signature?
DKIM is published per selector, and selectors aren't discoverable from DNS alone. We probed the common ones. If yours differs, enter it - or read the s= tag from any DKIM-Signature header in a sent email.
Your safe DMARC rollout
Never jump straight to reject. Ramp it - monitor, quarantine a rising percentage, then enforce. Here's where you are and the exact record for each stage.
Phishing-readiness - 5 quick questions
Records tell us if you can be spoofed. These tell us how ready your people and process are. Adjusts your readiness sub-score.
Top fixes, ranked by impact
Next step
Want this closed properly?
DMARC enforcement done wrong silently drops real mail. Hallatec deploys it the safe way - monitored ramp, alignment fixes, and email hardening end-to-end.
Passive public-DNS lookup; point-in-time; shallow SPF include expansion (first level). Not an audit or penetration test. BIMI: a valid record does not guarantee your logo displays - that also needs DMARC enforcement and usually a paid mark certificate.