SPFWise

Email Authentication Report for spfwise.com

A live look at how spfwise.com protects its email: SPF, DKIM, DMARC, and transport security, with the grade explained.

A+

spfwise.com

100 out of 100

Scanned: Jul 3, 2026, 10:26 AM

Why this score

The score starts at 100. Every issue below subtracts points based on how much it hurts your deliverability or lets someone spoof you.

Nothing is lowering your score. Every live check passed cleanly.
  • SPF

    Pass
    • Ends with -all (hardfail).

      A hardfail tells receivers to reject any sender that is not listed. This is the strongest and recommended setting.

    • SPF is present and correctly configured.

      A single SPF record was found, it stays within the DNS lookup limit, and it ends with a strong all qualifier.

    DNS lookups3 / 10
    v=spf1 include:mx.ovh.com -all
    allQualifier
    -
  • DKIM

    Pass
    • DKIM is set up (2 valid selector(s) found).

      At least one valid signing key was found, so your outgoing mail can be signed and verified by receivers.

    selectors
    ovhmo-selector-1, ovhmo-selector-2
    keyType
    rsa
    keyBits
    2048
  • DMARC

    Pass
    • Policy is p=reject (strongest).

      Reject tells receivers to refuse any mail that fails authentication, the strongest protection against spoofing.

    • Aggregate reporting is enabled.

      A rua address is set, so you receive daily reports showing every source that sends as your domain.

    • DMARC is present and enforced.

      A valid DMARC record was found with an enforcing policy, so receivers act on mail that fails authentication.

    v=DMARC1; p=reject; rua=mailto:dmarc@spfwise.com; sp=reject; aspf=r
    policy
    reject
    subdomainPolicy
    reject
    pct
    100
    rua
    mailto:dmarc@spfwise.com
    adkim
    r
    aspf
    r
  • MX

    Pass
    • MX is configured (3 mail server(s)).

      Your domain has MX records and every listed mail server resolves to an IP address, so it can receive mail.

    mxHosts
    mx1.mail.ovh.net (1), mx2.mail.ovh.net (5), mx3.mail.ovh.net (100)
    mxCount
    3
  • Blacklist

    Pass
    • Not on any checked blocklist.

      Your mail server IPs were not found on the public blocklists we checked. Reputation can change, so it is worth monitoring over time.

    ipsChecked
    91.121.53.175, 87.98.160.167, 188.165.36.237
    blocklists
    bl.spamcop.net, dnsbl.sorbs.net

Optional enhancements

Advanced, nice-to-have features. Setting these up (or not) does not change your grade.

  • DNSSEC

    Pass
    • DNSSEC is enabled.

      Your zone is signed and the parent publishes a DS record, so resolvers can verify your DNS answers were not tampered with on the way to them.

    algorithm
    RSASHA256
    signatureExpiry
    2026-08-01T15:57:19Z
  • MTA-STS

    Pass
    • MTA-STS is enforcing.

      Your MTA-STS policy is in enforce mode, so sending servers refuse to deliver to your domain over an untrusted or unencrypted connection.

    mode
    enforce
    maxAge
    604800
  • TLS-RPT

    Pass
    • TLS reporting is enabled.

      Your TLS-RPT record is valid, so receivers can report TLS delivery failures to you.

    v=TLSRPTv1; rua=mailto:tlsrpt@spfwise.com
    rua
    mailto:tlsrpt@spfwise.com
  • BIMI

    Optional
    • BIMI is not set up.

      BIMI is optional. It shows your logo next to your emails in supporting inboxes, but it needs an enforced DMARC policy and, for Gmail and Apple Mail, a Verified Mark Certificate (VMC).

      How to fix: With DMARC at quarantine or reject, publish a BIMI TXT record at default._bimi pointing to a square SVG logo, and add a VMC to display it in Gmail and Apple Mail.

Keep this domain protected

Turn on monitoring and hear about a broken record the moment it happens, before it costs you a delivery.

This report grades the email authentication posture of spfwise.com against the same checks that mailbox providers apply to inbound mail. The grade above is derived directly from what is published in DNS right now, so it reflects the domain exactly as a receiver sees it.

A strong result here means three things are in place at once: SPF authorizes the right senders, DKIM signs outgoing mail with a valid key, and DMARC ties them together with a policy that tells receivers what to do when a message fails. Transport security records add a further layer by protecting the connection itself.

Want the same breakdown for your own domain? Run a scan and you will get an identical grade with the exact records to fix anything that is weak.

Check your own domain

Run a free scan and get your grade with the exact records to fix.

Scan a domain

Guides to fix common issues

spfwise.com Email Authentication Report | SPFWise