Find every gap in your trust layer.
Six protocols. Read directly from your DNS. Thirty seconds.
What we check.
Six protocols. Every one read directly from public DNS. No self-reports. No estimates.
DMARC
RFC 7489
Policy, strength, alignment.
SPF
RFC 7208
Record, lookups, qualifiers.
DKIM
RFC 6376
Selectors, key strength, publication.
MTA-STS
RFC 8461
Policy file, mode, MX authorization.
TLS-RPT
RFC 8460
TLS failure reporting.
BIMI
BIMI Draft / RFC 9495 (VMC)
Logo, VMC certificate.
How do you compare?
Your score is ranked against every domain Authex tracks. 189 countries. 19 sectors.
Explore the researchScanner questions.
Is the scanner free?
Yes — completely free, with no signup or credit card. Enter any domain and Authex reads its DNS records and grades them in about thirty seconds.
What does the scanner check?
Six DNS-layer trust records: DMARC, SPF, DKIM, MTA-STS, TLS-RPT, and BIMI — all read directly from public DNS, with a score and specific fixes for each.
Do you need access to my mailbox or DNS?
No. The scan reads only public DNS records — nothing private. You don't connect a mailbox or grant any access to run it.
How is the score calculated?
Every protocol feeds a single 100-point score weighted by impact: DMARC policy strength and alignment carry the most, with supporting credit for SPF, DKIM, MTA-STS, and the rest.
A scan finds the gaps. The Agent closes them.
Move from a one-time check to continuous enforcement.
14-day trial · No credit card · Read-only by default