unrulymedia.com

Name: unrulymedia.com Email Security Posture Assessment
Creator: RacterMX
License: https://creativecommons.org/licenses/by-nc/4.0/

Posture Score: 92/100

Scanned May 29, 2026 at 1:59 AM UTC

Score History

Identity

Attack Surface

Reputation

Attack Surface Findings

Domain enumerability: medium

The domain has moderate enumerability. CT logs and DNS records reveal significant information about the domain structure.

💡 Restrict zone transfers, use NSEC3 instead of NSEC, consider wildcard certificates to reduce CT log exposure, and implement rate limiting on DNS queries.

medium

DNSSEC is not enabled

No DNSKEY or DS records were found. DNS responses are not cryptographically authenticated.

💡 Enable DNSSEC by generating DNSKEY records and publishing DS records at the registrar.

medium

All MX records resolve correctly

No dangling MX records detected — all MX hostnames resolve to valid IP addresses.

pass

Explicit MX records present

The domain has explicit MX records — no implicit A-record fallback delivery.

pass

No internal information leakage detected

No non-routable IP addresses or internal references were found in public DNS records.

pass

No excessive DNS information exposure detected

No HINFO, LOC, RP records, version disclosures, or zone walking vulnerabilities were found.

pass

No email autodiscovery endpoints detected

No Microsoft Autodiscover, Mozilla Autoconfig, or email SRV records were found.

pass

6 subdomain(s) discovered for unrulymedia.com

Subdomains were enumerated via Certificate Transparency logs, DNS wordlist brute-forcing, and DNS record analysis.

informational

0 certificate(s) found in CT logs

Certificate Transparency logs contain 0 certificate(s) for unrulymedia.com and its subdomains. Each certificate reveals subdomain names.

informational

Dependency Chains

DMARC Authentication Chain (SPF)

DMARC uses SPF to verify that emails come from authorized servers

SPF Record SPF record found and configured → DMARC Policy DMARC policy: none

DMARC Authentication Chain (DKIM)

DMARC uses DKIM to verify that emails have not been tampered with

DKIM Signature DKIM signature missing → DMARC Policy DMARC policy: none

⚠️ DKIM signature is missing. DMARC relies on DKIM to verify email integrity and prevent tampering. Without DKIM, DMARC alignment will fail for cryptographic verification.

Mail Server Identity: usb-smtp-inbound-1.mimecast.com

PTR record proves mail server legitimacy

MX: usb-smtp-inbound-1.mimecast.com Mail server at 170.10.150.242 → PTR Record Reverse DNS: usb-smtp-delivery-2.mimecast.com

Mail Server Identity: usb-smtp-inbound-2.mimecast.com

PTR record proves mail server legitimacy

MX: usb-smtp-inbound-2.mimecast.com Mail server at 170.10.150.242 → PTR Record Reverse DNS: usb-smtp-delivery-2.mimecast.com

Mail Server Identity: unrulymedia-com.mail.protection.outlook.com

PTR record proves mail server legitimacy

MX: unrulymedia-com.mail.protection.outlook.com Mail server at 52.101.9.11 → PTR Record Reverse DNS: mail-bl2pr04cu00103.inbound.protection.outlook.com

Mail Server Reputation: usb-smtp-inbound-1.mimecast.com

RBL check ensures server is not blacklisted

MX: usb-smtp-inbound-1.mimecast.com Mail server at 170.10.150.242 → RBL Status Not blacklisted

Mail Server Reputation: usb-smtp-inbound-2.mimecast.com

RBL check ensures server is not blacklisted

MX: usb-smtp-inbound-2.mimecast.com Mail server at 170.10.150.242 → RBL Status Not blacklisted

Mail Server Reputation: unrulymedia-com.mail.protection.outlook.com

RBL check ensures server is not blacklisted

MX: unrulymedia-com.mail.protection.outlook.com Mail server at 52.101.9.11 → RBL Status Not blacklisted

Enforced Encryption Chain

MTA-STS enforces TLS encryption to prevent man-in-the-middle attacks

TLS Support Mail servers support TLS encryption → MTA-STS Policy MTA-STS not configured

⚠️ MTA-STS policy is missing. Even with TLS support, you lack the enforcement layer that prevents attackers from stripping encryption (downgrade attacks).

Brand Identity Chain

BIMI displays your logo in email clients, but requires DMARC enforcement

DMARC Enforcement DMARC not enforced (p=none or missing) → BIMI Record BIMI not configured

⚠️ DMARC is not enforced. BIMI requires a DMARC policy of "quarantine" or "reject" to prove you have strong email authentication. Without enforcement, email clients will not display your logo.

TLS Monitoring Chain

TLS-RPT provides reports about TLS connection failures

TLS Support Mail servers support TLS encryption → TLS-RPT Reporting TLS-RPT not configured

⚠️ TLS-RPT is not configured. Without TLS reporting, you have no visibility into TLS connection failures that may be impacting email delivery.

Security Checks

MX Records

✓

SPF Record

✓

DKIM Record

✗

DMARC Policy

✓

BIMI Record

✗

CAA Records

✗

DNSSEC

✗

MTA-STS

✗

TLS-RPT

✗

Embed Badge

Display your domain's security grade on your website or README:

Want to re-scan this domain for updated results?

Scan unrulymedia.com Again