DMARC, DKIM, SPF and STARTTLS
We check if DMARC is available for your domain. A receiving mail server may use your DMARC policy to evaluate how to handle a mail with your domain as sender that could not be authenticated with both DKIM and SPF, and it may use your mail address from the DMARC record to provide feedback reports on the authentication to you.
We check if the syntax of your DMARC record is correct and if it contains a sufficiently strict policy in order to prevent abuse of your domain by phishers and spammers.
We check if your domain supports DKIM records. A receiving mail server can use the public key in your DKIM record to validate the signature in an email with a user from your domain as sender and determine its authenticity.
We check if your domain has an SPF record. A receiving mail server can use your white-listed sending mail servers and the accompanying policy from your SPF record to determine the authenticity of a received email with your domain as sender.
Sending mail servers supporting STARTTLS can establish a secure connection with your receiving mail server(s). Passive attackers will therefore not be able to read emails in transit to you. We check if your receiving mail servers (MX) support STARTTLS as well as support secure TLS versions.
We check if your receiving mail servers (MX) support sufficiently secure cipher suites. A cipher suite is a combination of algorithms used for authentication and encryption that is conformant to the TLS standard. A mail server may support more than one cipher suite.