B-
80/100
1
Strengthen email authentication configuration
DMARC / Email Security
Email authentication is partially configured for krungsri.com but has gaps. Actions needed: . Until DMARC enforcement is active, spoofed emails may still reach recipients.
NIST CSFPR.AC-7
Email authentication is a required access control
How to fix this
1Verify with: nslookup -type=txt _dmarc.krungsri.com
At a glance
Full data from this scan
TLS Version
TLSv1.3
TLSv1.3 negotiated with TLS_AES_128_GCM_SHA256 (128-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
DMARC Policy
p=quarantine
Strengths: DMARC policy set to quarantine; DMARC pct=100 — policy applies to all mail; Aggregate reports (rua) configured; Forensic reports (ruf) configured; SPF hard-fail (-all) configured; SPF DNS lookup count: 6/10 (within limit); DKIM configured (selectors: selector1, selector2). Issues: DMARC policy is 'quarantine', not 'reject' — spoofed mail is moved to spam rather than blocked outright.
SPF Record
Present
v=spf1 ip4:103.216.96.0/23 ip4:103.219.196.0/24 ip4:103.93.166.0/24 ip4:58.64.42.0/24 include:spfOth
Security Headers
3/5 present
Missing: Referrer-Policy, Permissions-Policy
HSTS
Enabled
HSTS enabled: max-age=63072000s (730 days) with includeSubDomains and preload. Meets best-practice configuration.
SSL Certificate
Issues
Strengths: Certificate valid, 77 days remaining; Issued by DigiCert Inc; 1056 certificates logged in CT. Issues: Certificates issued by 9 different CAs (threshold: 8 for 1056 logged certs) — possible misconfiguration or shadow IT.
DNSSEC
Not enabled
Strengths: 2 nameservers configured (ns.bay.co.th, ns1.bay.co.th); SOA record present and MNAME consistent with NS set; 2 MX record(s) present; DNSSEC enabled: zone signed (DNSKEY present) and chain of trust intact (DS record in parent zone); Zone transfers properly restricted on all nameservers; Address records present: 2 A record(s). Issues: All nameservers are from a single provider (co.th) — a provider outage takes down the domain.
Similar companies