authex

Find every gap in your trust layer.

Six protocols. Read directly from your DNS. Thirty seconds.

Free·No signup·Six protocols

What we check.

Six protocols. Every one read directly from public DNS. No self-reports. No estimates.

DMARC

RFC 7489

Policy, strength, alignment.

SPF

RFC 7208

Record, lookups, qualifiers.

DKIM

RFC 6376

Selectors, key strength, publication.

MTA-STS

RFC 8461

Policy file, mode, MX authorization.

TLS-RPT

RFC 8460

TLS failure reporting.

BIMI

BIMI Draft / RFC 9495 (VMC)

Logo, VMC certificate.

How do you compare?

Your score is ranked against every domain Authex tracks. 189 countries. 19 sectors.

Explore the research

Scanner questions.

Is the scanner free?

Yes — completely free, with no signup or credit card. Enter any domain and Authex reads its DNS records and grades them in about thirty seconds.

What does the scanner check?

Six DNS-layer trust records: DMARC, SPF, DKIM, MTA-STS, TLS-RPT, and BIMI — all read directly from public DNS, with a score and specific fixes for each.

Do you need access to my mailbox or DNS?

No. The scan reads only public DNS records — nothing private. You don't connect a mailbox or grant any access to run it.

How is the score calculated?

Every protocol feeds a single 100-point score weighted by impact: DMARC policy strength and alignment carry the most, with supporting credit for SPF, DKIM, MTA-STS, and the rest.

A scan finds the gaps. The Agent closes them.

Move from a one-time check to continuous enforcement.

14-day trial · No credit card · Read-only by default