C
75/100
0 of 1 fixed
All 1 critical issue marked as fixed
Re-scan to confirm and update your score.
1
Set up email authentication (DKIM)
Without email authentication, anyone can send emails that appear to come from threshold.network. This is the most common vector for phishing attacks targeting employees and customers. DKIM is not configured.
NIST CSFPR.AC-7
Email authentication is a required access control
ISO 27001A.13.2.1
Information transfer policies require email security controls
HIPAA§164.312(e)
Transmission security for electronic PHI
How to fix this
1Add SPF record to DNS: v=spf1 include:_spf.google.com ~all (adjust for your email provider)
2Configure DKIM signing with your email provider and publish the public key in DNS
3Add DMARC record: v=DMARC1; p=quarantine; rua=mailto:[email protected]
4Monitor DMARC reports for 2–4 weeks, then upgrade policy to p=reject
At a glance
Full data from this scan
TLS Version
TLSv1.3
TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
DMARC Policy
p=none
Strengths: SPF record present with hard-fail (-all). Issues: DMARC policy is 'none' (monitoring only, no enforcement); No DKIM records found for common selectors (domain may use custom selectors — this is not a confirmed gap).
SPF Record
Present
v=spf1 include:_spf.google.com -all
Security Headers
2/5 present
Missing: X-Content-Type-Options, Referrer-Policy, Permissions-Policy
HSTS
Enabled
HSTS enabled: max-age=31536000. Missing includeSubDomains. Missing preload directive.
SSL Certificate
Valid
Strengths: Certificate valid, 49 days remaining; Issued by Google Trust Services.
DNSSEC
Enabled
Strengths: 2 nameservers configured (vick.ns.cloudflare.com., nora.ns.cloudflare.com.); 5 MX records present; DNSSEC enabled; Zone transfers properly restricted.
Similar companies
