Blog
Contact
Sign in
Scan complete
scan_id: 8488ed51…
D
67/100
fip.info.pl
1 critical issue needs immediate attention.
6/6
checks
17
passed
finished
Scan timestamps
Created
Jul 4, 2026, 11:11 AM
Started
Jul 4, 2026, 11:11 AM
Finished
Jul 4, 2026, 11:12 AM
Updated
Jul 4, 2026, 11:11 AM
Export PDF
Re-scan
Findings by severity
24 results
1
Critical
2
High
3
Medium
1
Low
17
Pass
Report coverage
100%
Full coverage - every planned check was evaluated.
9 skipped
All
33
Critical
1
High
2
Medium
3
Low
1
Pass
17
Skipped
9
Email Security
100%
5/5
SPF Record
Learn how it works
Info
7/7 pass
SPF Record
SPF record is published
The domain publishes exactly one SPF TXT record.
Pass
SPF Record
SPF syntax is valid
The SPF record is syntactically valid.
Pass
SPF Record
SPF policy uses strict fail mode
The SPF policy explicitly rejects unauthorized senders with -all.
Pass
SPF Record
SPF DNS lookup limit is not exceeded
The SPF policy stays within the DNS lookup limit.
Pass
SPF Record
SPF delegated policies are valid
All include and redirect targets resolve to valid SPF policies.
Pass
SPF Record
SPF record avoids deprecated mechanisms
The SPF policy does not use discouraged SPF mechanisms.
Pass
SPF Record
SPF authorization scope is constrained
The SPF policy does not authorize obviously overbroad IP ranges.
Pass
DMARC Policy
Learn how it works
Info
3/7 pass
DMARC Policy
DMARC record is published
The domain publishes exactly one DMARC TXT record.
Pass
DMARC Policy
DMARC syntax is valid
The DMARC record is syntactically valid.
Pass
DMARC Policy
DMARC policy quarantines unauthenticated mail
The DMARC policy asks receivers to treat failing mail as suspicious, but does not request full rejection.
Medium
DMARC Policy
DMARC subdomain policy uses quarantine
Subdomains are protected by quarantine, but failing mail is not explicitly rejected.
Medium
DMARC Policy
DMARC policy applies to all failing mail
The DMARC policy is applied to 100% of failing messages.
Pass
DMARC Policy
DMARC aggregate reporting is not configured
The DMARC record does not request aggregate reports, which reduces visibility into authentication failures.
Medium
DMARC Policy
DMARC alignment is relaxed
The DMARC record allows relaxed identifier alignment for DKIM or SPF.
Low
MTA-STS Policy
Learn how it works
Info
0/5 pass
MTA-STS Policy
MTA-STS DNS record is missing
The domain does not publish an MTA-STS TXT record, so sending servers cannot discover or enforce an MTA-STS policy.
High
MTA-STS Policy
MTA-STS policy fetch was not evaluated
Policy fetch was skipped because the domain does not have a valid MTA-STS DNS record.
No impact on score or coverage
Skipped
MTA-STS Policy
MTA-STS policy syntax was not evaluated
Policy syntax evaluation was skipped because the policy file could not be fetched.
No impact on score or coverage
Skipped
MTA-STS Policy
MTA-STS mode was not evaluated
Mode evaluation was skipped because the policy file is not available or has invalid syntax.
No impact on score or coverage
Skipped
MTA-STS Policy
MTA-STS MX coverage was not evaluated
MX coverage evaluation was skipped because the policy file is not available, has invalid syntax, or the domain does not accept mail.
No impact on score or coverage
Skipped
TLS-RPT Record
Learn how it works
Info
0/3 pass
TLS-RPT Record
No TLS-RPT record found
The domain does not publish a TLS-RPT record. Sending servers cannot report TLS errors to this domain.
High
TLS-RPT Record
TLS-RPT syntax was not evaluated
Syntax evaluation was skipped because the domain does not have exactly one TLS-RPT record.
No impact on score or coverage
Skipped
TLS-RPT Record
TLS-RPT rua quality was not evaluated
Reporting URI evaluation was skipped because the domain does not have a syntactically valid TLS-RPT record.
No impact on score or coverage
Skipped
DANE SMTP
Learn how it works
Info
1/5 pass
DANE SMTP
MX hosts discovered
The domain has at least one MX host configured.
Pass
DANE SMTP
No MX host TLSA zone is protected by DNSSEC
None of the MX hosts have DNSSEC on their TLSA lookup zones. DANE SMTP cannot function without DNSSEC, as sending servers will ignore TLSA records from unsigned zones.
Critical
DANE SMTP
TLSA coverage was not evaluated
TLSA coverage evaluation was skipped because no MX hosts were discovered or DNSSEC is not available.
No impact on score or coverage
Skipped
DANE SMTP
TLSA parameter quality was not evaluated
TLSA parameter evaluation was skipped because no usable TLSA records were found.
No impact on score or coverage
Skipped
DANE SMTP
Certificate match was not evaluated
Certificate verification was skipped because no usable TLSA records are published for the MX hosts.
No impact on score or coverage
Skipped
DNS Security
100%
1/1
DNSSEC
Learn how it works
Info
6/6 pass
DNSSEC
DNSSEC DS record is published
The parent zone publishes a DS record for this domain.
Pass
DNSSEC
DNSKEY records are published
The child zone publishes DNSKEY records required for DNSSEC validation.
Pass
DNSSEC
DS records match DNSKEY records
At least one DS record matches a DNSKEY record in the child zone.
Pass
DNSSEC
DNSKEY RRset signature is valid
The DNSKEY RRset is signed and its signature validates correctly.
Pass
DNSSEC
Zone RRset signature is valid
The zone SOA RRset is signed and its signature validates correctly.
Pass
DNSSEC
DNSSEC algorithms are acceptable
The DNSSEC algorithms and DS digest types are accepted by the validation policy.
Pass
Feedback