Skip to main content
Log in
CaptainDNS

Email Diagnostics

Tools to verify and validate your email authentication setup.

SPF
DKIM
DMARC
DMARCbis
BIMI
MTA-STS
TLS-RPT
DANE / TLSA

Deliverability

Email deliverability auditMail header analyzerEmail testerIP Blacklist CheckerDomain Blacklist CheckerSPF FlattenerDKIM Selector FinderSMTP/MX Tester

Secure & Monitor

Record generators, policy hosting and continuous monitoring.

Network & Web

Network tools, web page analysis and certificates.

IP Tools

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

IPv6 subnet calculator

Calculate IPv6 subnets, address ranges and reverse DNS entries.

Certificates & BIMI

BIMI logo lookup

Inspect a BIMI logo URL - format, metadata and live rendering - before rollout.

BIMI SVG converter

Convert any SVG to BIMI-compliant Tiny-PS format in seconds.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate - issuer, validity and SAN coverage - before you publish BIMI.

Web

Page size checker

Check if your page exceeds Google's 2 MB crawl limit.

Phishing URL Checker

Check if a URL is flagged as phishing or malware by 4 threat intelligence sources.

Redirect Checker

Analyze HTTP redirect chains

Domain Redirect

Redirect your domains with automatic HTTPS and 301/302 redirects.

Developer Tools

Text utilities and tools for everyday dev work.

Text

Transform and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Password generator

Generate strong random passwords and memorable passphrases instantly.

Developer

Encoding, hashing, regex and formatting for everyday dev work.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Hash Generator

Compute MD5, SHA-1, SHA-256 and SHA-512 hashes of any text.

URL encoder / decoder

Encode or decode text using percent-encoding (RFC 3986) right in your browser.

Regex Tester

Test a regular expression against text and visualize matches.

JSON / YAML Formatter

Format, validate and convert JSON and YAML in one click.

18/ 100

Brookfield Asset Management

bam.brookfield.com · 🇨🇦 CA · financials

🇨🇦 TSX 60

Scan week: 2026-03-23

  • Brookfield Asset Management scores 18/100 and receives a grade of F in the Email Security Observatory.
  • This score is 24 points below the global average of 42/100, indicating areas where email security could be strengthened.
  • Brookfield Asset Management ranks #1423 out of 1601 companies globally in the email security observatory.
  • The score is unchanged from last week.
  • Outbound email security - covering DMARC, SPF, DKIM and BIMI - scores 36/100 (D).
  • Inbound email protection - covering MX, MTA-STS, DANE and TLS-RPT - scores 0/100 (F).
  • DNS security (DNSSEC) scores 0/100 (F).
  • 7 recommendations have been identified to improve Brookfield Asset Management's email security posture.
  • 2 critical issues require immediate attention.
  • Score history spans 4 weeks, enabling week-over-week tracking of email authentication progress.

Outbound

50%
D
36/ 100
dmarc
36/40A
spf
0/30F
dkim
0/25F
bimi
0/5F

Inbound

35%
F
0/ 100
mx
0/40F
mta-sts
0/30F
dane
0/15F
tls-rpt
0/15F

DNS Security

15%
F
0/ 100
dnssec
0/100F

Rankings

global

#1423 / 1601

country CA

#58 / 61

index tsx-60

#57 / 60

sector financials

#202 / 222

Score history

18
03-23
18
03-16
18
03-09
18
03-02

Recommendations

Criticalspf

Add an SPF record to authorize your sending servers

Criticalmx

Add MX records to receive email

Highdkim

No DKIM key detected for this domain

Mediummta-sts

Deploy MTA-STS to enforce TLS for inbound email

Lowbimi

Add a BIMI record with your logo to improve brand visibility in inboxes

Lowtls-rpt

Add a TLS-RPT record to receive TLS failure reports

Lowdnssec

Enable DNSSEC for your domain to improve DNS security

Understanding the company audit

Each company in the Observatory is analyzed weekly for email authentication standards. The audit provides a comprehensive view of the company's email security posture.

What this page shows:

  • Total score - A score out of 100 reflecting overall email security maturity
  • Letter grade - From A+ (excellent) to F (significant gaps)
  • Per-standard analysis - Individual scores for SPF, DKIM, DMARC, BIMI, MTA-STS, DANE/TLSA and DNSSEC
  • Recommendations - Prioritized steps to improve the score

Standards evaluated

  1. SPF - Sender Policy Framework prevents unauthorized servers from sending email on behalf of the domain
  2. DKIM - DomainKeys Identified Mail ensures emails are signed and unaltered during transit
  3. DMARC - Domain-based Message Authentication, Reporting and Conformance ties SPF and DKIM together with a policy
  4. BIMI - Brand Indicators for Message Identification displays the brand logo in supporting email clients
  5. MTA-STS - Mail Transfer Agent Strict Transport Security enforces TLS encryption for inbound email
  6. DNSSEC - Domain Name System Security Extensions prevent DNS spoofing attacks

FAQ - Frequently asked questions

Q: How is the score calculated?

A: Points are awarded for each standard based on configuration quality, totaling up to 100.

Q: What do the grades mean?

A: A+ is excellent (90-100), F indicates significant gaps (below 50).

PagePurpose
Observatory DashboardOverall overview with key metrics
StatisticsCross-index and cross-sector comparison
Email Domain CheckAudit your own domain