alanberger.me.uk

HOME
MUSIC
EMAIL
CONTACT
APPS
B2
ABOUT
DNS Email Security Report
alanberger.me.uk
Generated 2026-04-29 10:35:01 UTC
Overall posture: 1 warning(s) — no critical issues 5 pass  /  1 warn  /  0 fail
Pass — correctly configured
Warning — present but suboptimal
Fail — missing or critically misconfigured
MX Records ✓ PASS

MX records are present. This domain can receive email.

  • 0 batfinkmail.alanberger.me.uk.
SPF Record ✓ PASS

SPF record is valid with 1 DNS lookup(s) (limit is 10, RFC 7208). Authorised senders are correctly defined.

  • v=spf1 ip4:46.224.51.153 ip6:2a01:4f8:1c18:2c1a::1 -all
  • DNS Lookups: 1/10
DKIM Record (selectors: batfinkmail, karatemail) ✓ PASS

DKIM signing key found. Outbound mail can be cryptographically signed, allowing receivers to verify it was not tampered with in transit.

  • batfinkmail: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Sv6v1ke2rk8L6VP1O26ajbTNxV2vbgSh6ZFkAyzvkaHR0BSOsBtiiv+VY/SQDCKBHXE4NiZIyw8zglm7aGPvbI4lgdQitAzqYZ5ZM+An/k/qjcu/8YaKo26aFwzZ1MFILzv2qUcyuM6kIINcEQsLQ5jaQ0I/0ZszXDK8QVFq0tiYmlPVT46/PODmhgBlQK2t" "DOwoMxN4UumbdMmZx9G1JHHy5XF7SVQJpXZ8xXtOm0Bg4qe+UuNvVb0creHYFP1YGRRdlA2DjY5VRE+iE3Y29FDwdZimoh60W+Yk0aaEaEfmfH6iuouaQmGbaFWpoX9egdvO2ftjbyzkQq3Jh/MzwIDAQAB
  • karatemail: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WSUun9X5tnxMI88QWbIrl8B1wPD6kh0dmXcx906UjjXjod3+5X8YN+w3UnKNibMPmuWwRhhJFb+GTNcLhrf+YTYLo/V2lWyFILN1EJIw4B+rYZ4OLnu5j/A9jUZ5OEwruqwf/EwT8K7g8GrcMPSHWGme07aIQlMJZnGJbu55Erf9gV0O3/mg5HxOUEGFJ9Ou" "Q6wCf8WsKT+HpSxsyrep8V9tvYrDU6xSpMAfjB3cPuW9f9LhtMcfe3cPZ+yzE8TXUIr6WDZ+Htrvb7EvMI3dnPG7JlTIXlrFD0AnpcyHmfWV32U//vDrI+r6DRJhmdjJZFbf+Dbm1tkjS+KVV4pvwIDAQAB
DMARC Record ✓ PASS

Strong DMARC enforcement (p=reject) with strict SPF and DKIM alignment. Spoofed or unauthenticated mail is rejected outright. This is the most secure posture.

  • v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;pct=100;fo=1;rf=afrf;ri=86400;rua=mailto:svxncyul@ag.eu.dmarcian.com,mailto:fdb3ffde704144e784647ca7f0ac1bb5@dmarc-reports.cloudflare.net,mailto:dma@alanberger.me.uk;ruf=mailto:svxncyul@fr.eu.dmarcian.com,mailto:" "dma@alanberger.me.uk
  • Policy=REJECT, ASPF=S, ADKIM=S
MTA-STS Record ✓ PASS

MTA-STS policy is active in enforce mode with correct MX alignment. Sending mail servers must use valid TLS when delivering to this domain.

  • v=STSv1; id=202604201516
  • Mode: enforce — sending MTAs must establish valid TLS or the message is rejected
  • max_age: 86400s — receiving MTAs will cache this policy for 1 day(s)
  • MX pattern 'batfinkmail.alanberger.me.uk': matches DNS MX record ✓
BIMI Record ⚠ WARNING

BIMI is partially configured. Without a VMC or CMC the logo will only display in providers that support self-asserted BIMI (Yahoo, Fastmail). Gmail and Apple Mail require a VMC.

  • v=BIMI1; l=https://alanberger.me.uk/bimi/bimilogo.svg; avp=brand;
  • No VMC (a=) in BIMI record — logo will not display in Gmail or Apple Mail. Yahoo and Fastmail support self-asserted BIMI without a VMC.
  • Logo SVG accessible at https://alanberger.me.uk/bimi/bimilogo.svg
  • SVG passes all required BIMI Tiny P/S checks
HOW TO FIX
  • A Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) is required by Gmail and Apple Mail. VMCs or CMCs are issued by DigiCert and in the case of a VMC, require your logo to be a registered trademark.They cost an extortionate amount of money per year.
  • Without a VMC or CMC, BIMI should still function on Yahoo Mail and Fastmail — However this may depend on building trust or they may have changed policy altogether, useful for testing and for reaching users on those platforms.
  • To add a VMC or CMC later: obtain one from DigiCert, host the .pem file over HTTPS, and add a=<url> to your BIMI DNS record.
Generated by check_dns — MX · SPF · DKIM · DMARC · MTA-STS · BIMI