Quick email security evaluation:
* internet.nl/test-mail/ to perform an external scan of the domain
* send mail to havedane.net addresses to verify DANE enforcement
* email check-auth@verifier.port25.com to verify outbound mail passes the configured anti-spoofing
Conversation
Replying to
* send a spoofed mail to the server to verify inbound DMARC (example: on Gmail account, add + verify external on domain with DMARC p=reject and send as it)
* hardenize.com can verify MTA-STS for inbound from providers lacking DANE, outbound is a pain to test (stateful)
2
3