RedScore.ai

Email Security

100 points total

Assesses email authentication and anti-spoofing controls — SPF policy strength, DMARC enforcement level, DKIM selector discovery, and MX record hygiene.

Checks

CheckWeight
DMARC Policy Enforcement
email_dmarc_policy_enforcement		30 pts
SPF Policy Strength
email_spf_policy_strength		25 pts
DKIM Selector Discovery
email_dkim_selector_discovery		25 pts
MX Presence & Hygiene
email_mx_presence_and_hygiene		20 pts

Pass / Warn / Fail Logic

DMARC Policy Enforcement

Pass if p=reject or p=quarantine; warn if p=none; fail if no DMARC.

SPF Policy Strength

Pass if -all; warn if ~all; fail if +all or missing.

DKIM Selector Discovery

Pass if a valid selector is found; fail if none discovered (may be false negative with custom selectors).

MX Presence & Hygiene

Pass if valid MX or null MX; fail if no MX record.

Findings & How to Fix Them

These are the specific findings RedScore may report for this category, along with remediation guidance.

highSPF Record MissingEMAIL_SPF_MISSING

Publish an SPF TXT record for your root domain and use a restrictive policy ending in -all.

highDMARC Record MissingEMAIL_DMARC_MISSING

Publish a DMARC record at _dmarc.<domain> with at least p=none and move to p=quarantine/reject.

mediumSPF Policy Too PermissiveEMAIL_SPF_WEAK_POLICY

Harden SPF policy toward -all to prevent unauthorized senders from passing SPF checks.

mediumDMARC Not EnforcedEMAIL_DMARC_NON_ENFORCED

Set DMARC policy to p=quarantine or p=reject to enforce anti-spoofing protections.

mediumDKIM Not FoundEMAIL_DKIM_NOT_FOUND

If you use a custom DKIM selector not in our test list, this may be a false negative. Otherwise publish a DKIM TXT at <selector>._domainkey and ensure your mail flow signs with it.

mediumMX Records MissingEMAIL_MX_MISSING

If mail is used, publish valid MX records. If mail is not used, publish a null MX record (MX 0 .).

DNS & Domain SecurityInfrastructure Hygiene