Results for tfsi.dev
Analysis performed on April 15, 2026 at 02:51 PM
DKIM
OKSelectors: mailDMARC
Warningv=DMARC1; p=none; rua=mailto:dmarc-reports@tfsi.dev; ruf=mailto:dmarc-reports@tfsi.dev; sp=none; ri=43200MX
OKmail.tfsi.devRecommendations
1Change your DMARC policy from p=none to p=reject to block spoofing
With p=none, your DMARC record only monitors — it doesn't actually block spoofed emails. Attackers can still send emails as your domain and they'll be delivered normally. Switching to p=reject instructs receiving servers to drop fraudulent messages before they reach the inbox.
2Harden your SPF by replacing ~all with -all (hardfail)
With ~all (softfail), unauthorized senders are flagged but emails are usually still delivered. Switching to -all (hardfail) explicitly tells receiving servers to reject emails from unauthorized sources, providing much stronger protection against spoofing.
3Fix your MTA-STS policy file — it could not be fetched
Your domain has an MTA-STS DNS record, but the policy file at https://mta-sts.yourdomain/.well-known/mta-sts.txt is unreachable. Without a valid policy file, MTA-STS provides no protection. Check that the subdomain mta-sts.yourdomain resolves correctly and serves the policy over HTTPS.
Need help securing your domain?
If you're not sure how to apply these fixes, get in touch and we'll help you out.
Contact usBadge for your website
Display your email security score on your website.
<a href="https://spoofchecker.online/en/email-security/tfsi.dev" target="_blank" rel="noopener"><img src="https://spoofchecker.online/api/badge/tfsi.dev?score=65&grade=C" alt="Email security score for tfsi.dev" height="28"></a>