Results for nato.int
Analysis performed on April 15, 2026 at 02:55 PM
DKIM
OKSelectors: selector1, selector2DMARC
Warningv=DMARC1;p=quarantine;sp=none;rua=mailto:dmzsupport@ncia.nato.int,mailto:dmarc_rua@ma.ncirc.nato.int;ruf=mailto:dmzsupport@ncia.nato.int,mailto:dmarc_ruf@ma.ncirc.nato.int;fo=1;rf=afrf;pct=100;MX
OKmailstream-eu1.mxrecord.io, mailstream-central.mxrecord.mx, mailstream-east.mxrecord.io, mailstream-west.mxrecord.ioRecommendations
1Upgrade your DMARC policy from p=quarantine to p=reject for full blocking
With p=quarantine, spoofed emails are sent to spam instead of being blocked outright. Some recipients still check spam folders, and sophisticated attacks can be flagged as legitimate by users. p=reject ensures fraudulent emails never reach any folder.
2Harden your SPF by replacing ~all with -all (hardfail)
With ~all (softfail), unauthorized senders are flagged but emails are usually still delivered. Switching to -all (hardfail) explicitly tells receiving servers to reject emails from unauthorized sources, providing much stronger protection against spoofing.
3Add MTA-STS to enforce TLS encryption for incoming emails
Without MTA-STS, an attacker performing a man-in-the-middle attack can downgrade the connection between mail servers to plaintext, intercepting emails in transit. MTA-STS tells sending servers to only deliver via TLS with a valid certificate, preventing downgrade attacks.
Need help securing your domain?
If you're not sure how to apply these fixes, get in touch and we'll help you out.
Contact usBadge for your website
Display your email security score on your website.
<a href="https://spoofchecker.online/en/email-security/nato.int" target="_blank" rel="noopener"><img src="https://spoofchecker.online/api/badge/nato.int?score=67&grade=C" alt="Email security score for nato.int" height="28"></a>