Failed : IPv6

Too bad! Your mail server can not be reached by senders using modern IPv6 addresses, or improvement is possible. Therefore your mail server is not part of the modern Internet yet. You should ask your email provider to fully enable IPv6.

Failed : none of the mail servers (MX) comes with an IPv6 address

Failed : none of the name servers (NS) comes with an IPv6 address


Failed : DNSSEC

Too bad! Some or all of your email address and mail server domains are not signed with a valid signature. Therefore senders with enabled domain signature validation, are not able to reliably query the IP address of your receiving mail server(s). An attacker could secretely manipulate the IP address and divert e-mails addressed to you to his/her own mail server. You should ask your name server operator and/or your mail provider to enable DNSSEC.

Incoming mail server (MX): mx3.mail.icloud.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): mx5.mail.icloud.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): mx4.mail.icloud.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): mx6.mail.icloud.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): mx1.mail.icloud.com.

Failed : Not secured with DNSSEC.

Incoming mail server (MX): mx2.mail.icloud.com.

Failed : Not secured with DNSSEC.

Tested domain name: icloud.com

Failed : Not secured with DNSSEC. Your registrar (most often also your DNS operator) is: CSC CORPORATE DOMAINS, INC.


Passed : DMARC, DKIM and SPF

Well done! Your domain contains all authenticity marks against email forgery. Therefore receivers are able to reliably seperate phishing and spam emails abusing your domain in their sender address, from your authentic emails.

Passed : a DKIM record (TXT) has been found

Passed : a DMARC policy (TXT record) has been found:
v=DMARC1; p=none; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com;

Passed : an SPF policy (TXT record) has been found:
v=spf1 ip4:17.36.0.0/16 ip4:17.41.0.0/16 ip4:17.110.0.0/15 ip4:17.120.0.0/16 ip4:17.133.0.0/16 ip4:17.139.0.0/16 ip4:17.142.0.0/15 ip4:17.158.0.0/15 ip4:17.162.0.0/15 ip4:17.164.0.0/16 ip4:17.172.0.0/16 ip4:17.151.1.0/24 ip4:17.171.37.0/24 ~all


Passed : STARTTLS

Well done! Sending mail servers supporting STARTTLS can establish a secure connection with your receiving mail server(s). Passive attackers will therefore not be able to read emails in transit to you. Note: we additionally recommend to publish DANE records to counteract active attackers from stripping STARTTLS encryption by manipulating the mail traffic.

Incoming mail server (MX): mx3.mail.icloud.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : all certificates are signed using a sufficiently secure hash method

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): mx5.mail.icloud.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : all certificates are signed using a sufficiently secure hash method

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): mx4.mail.icloud.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : all certificates are signed using a sufficiently secure hash method

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): mx6.mail.icloud.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : all certificates are signed using a sufficiently secure hash method

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): mx1.mail.icloud.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : all certificates are signed using a sufficiently secure hash method

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)

Incoming mail server (MX): mx2.mail.icloud.com.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : all certificates are signed using a sufficiently secure hash method

Passed : hostname of mail server matches certificate

Passed : no TLSA record found (DANE)