cyber.gov.au

C
Conditional · 75/100
Shows meaningful security gaps that need attention. Positive signals: DNS Configuration, DMARC / Email Security, and MX Records & Mail Provider all passed. 4 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 1–2 days could address all findings.
Trust Score Trend
→ No change 1 scan · Last scanned February 24, 2026
Score
100 75 50 25 0
C
cyber.gov.au
75/100
Compliance & Certifications
Not yet verified
SOC 2 TYPE II
SOC 2 Type II
Audit report not on file
3rd party · AICPA
Pro subscribers only
ISO 27001
ISO 27001
Certificate not on file
3rd party · accredited body
Pro subscribers only
GDPR
GDPR
DPA not on file
Self-reported
Pro subscribers only
CCPA
CCPA
Privacy policy not on file
Self-reported
Pro subscribers only
Incident History
None in 12 months
March 2026
ChatGPT data exposure
1 source
Resolved
Pro subscribers only
April 2023 – Feb 2026
ChatGPT data exposure
1 source
Resolved
Pro subscribers only
Security Posture
4 items need attention
7 passed
Protect incoming email from downgrade attacks (MTA-STS)
MTA-STS & TLS Reporting
2–4 hours

This allows inbound email to be silently downgraded and intercepted without warning. This is a more advanced setting — skip it if you're not sure, and come back once the items above are handled. cyber.gov.au has no MTA-STS policy, which means an attacker positioned on the network path could silently downgrade incoming email from encrypted to unencrypted, with no warning to either side.

How to fix this
1This one usually needs a developer or your hosting provider's support team — it involves publishing a small text file on your website, not just a DNS record.
v=STSv1; id=20260101000000
version: STSv1 mode: testing mx: mail.cyber.gov.au max_age: 604800
2Add a TXT record with the name "_mta-sts" in your domain's DNS settings (check with whoever manages your website or domain registration) (id= just needs to be any unique short code you make up, e.g. today's date), with this value:
3Host a small policy file at https://mta-sts.cyber.gov.au/.well-known/mta-sts.txt with the content below.
4Start in "testing" mode for a couple of weeks, check the reports, then switch to "enforce".
Report unlocked.
View all 7 passed checks
DNS Configuration
DMARC / Email Security
MX Records & Mail Provider
TLS Configuration
Known Breaches
TLS Protocol Support
CVE Exposure
Company Signals
Claim profile →
Operational risk
Low
11 yrs operating. Well-funded
Lynxradar · Composite signal
Last funding
$40B
Series F · Mar 2025 · SoftBank-led
Crunchbase ↗
Employees
~3,000
+40% YoY growth
LinkedIn ↗
Trust Resources
Claim profile →
Trust Center
trust.cyber.gov.au ↗
Security page
cyber.gov.au/security ↗
Privacy Policy
cyber.gov.au/privacy ↗
DPA (Data Processing Agreement)
cyber.gov.au/dpa ↗
Updated recently
Subprocessors List
cyber.gov.au/policies/subprocessors ↗
Similar companies
Appears in
Claim profile →
SOC 2 Type II certified vendors
847 companies · Updated weekly by LynxRadar
Track
ISO 27001 certified SaaS
312 companies · Updated weekly by LynxRadar
Track
Top AI vendors by trust score
94 companies · LynxRadar ranking
Track
Enterprise-ready SaaS · Trust score A or above
203 companies · LynxRadar ranking
Track