Failed : IPv6

Too bad! Your mail server can not be reached by senders using modern IPv6 addresses, or improvement is possible. Therefore your mail server is not part of the modern Internet yet. You should ask your email provider to fully enable IPv6.

Failed : all mail servers (MX) come with an IPv6 address. Mailservers: alt1.gmail-smtp-in.l.google.com., alt2.gmail-smtp-in.l.google.com., alt4.gmail-smtp-in.l.google.com., alt3.gmail-smtp-in.l.google.com., gmail-smtp-in.l.google.com.

Failed : all mail servers (MX) having an IPv6 address are also reachable through IPv6

Failed : none of the name servers (NS) comes with an IPv6 address


Failed : DNSSEC

Too bad! Some or all of your email address and mail server domains are not signed with a valid signature. Therefore senders with enabled domain signature validation, are not able to reliably query the IP address of your receiving mail server(s). An attacker could secretely manipulate the IP address and divert e-mails addressed to you to his/her own mail server. You should ask your name server operator and/or your mail provider to enable DNSSEC.

Incoming mail server (MX): alt1.gmail-smtp-in.l.google.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): alt4.gmail-smtp-in.l.google.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): alt3.gmail-smtp-in.l.google.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): alt2.gmail-smtp-in.l.google.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): gmail-smtp-in.l.google.com.

Failed : Not secured with DNSSEC.

Tested domain name: googlemail.com

Failed : Not secured with DNSSEC. Your registrar (most often also your DNS operator) is: MarkMonitor, Inc.


Passed : DMARC, DKIM and SPF

Well done! Your domain contains all authenticity marks against email forgery. Therefore receivers are able to reliably seperate phishing and spam emails abusing your domain in their sender address, from your authentic emails.

Passed : a DKIM record (TXT) has been found

Passed : a DMARC policy (TXT record) has been found:
v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:mailauth-reports@google.com

Passed : an SPF policy (TXT record) has been found:
v=spf1 redirect=_spf.google.com


Passed : STARTTLS

Well done! Sending mail servers supporting STARTTLS can establish a secure connection with your receiving mail server(s). Passive attackers will therefore not be able to read emails in transit to you. Note: we additionally recommend to publish DANE records to counteract active attackers from stripping STARTTLS encryption by manipulating the mail traffic.

Incoming mail server (MX): alt1.gmail-smtp-in.l.google.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : some certificates are signed using a hash method that is not secure:
{'GeoTrust Global CA': 'sha1withrsaencryption'}

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): alt3.gmail-smtp-in.l.google.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : some certificates are signed using a hash method that is not secure:
{'GeoTrust Global CA': 'sha1withrsaencryption'}

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): gmail-smtp-in.l.google.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : some certificates are signed using a hash method that is not secure:
{'GeoTrust Global CA': 'sha1withrsaencryption'}

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): alt4.gmail-smtp-in.l.google.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : some certificates are signed using a hash method that is not secure:
{'GeoTrust Global CA': 'sha1withrsaencryption'}

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): alt2.gmail-smtp-in.l.google.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : some certificates are signed using a hash method that is not secure:
{'GeoTrust Global CA': 'sha1withrsaencryption'}

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)