Skip to main content
Log in
CaptainDNS

Email Diagnostics

Tools to verify and validate your email authentication setup.

SPF
DKIM
DMARC
DMARCbis
BIMI
MTA-STS
TLS-RPT
DANE / TLSA

Deliverability

Email deliverability auditMail header analyzerEmail testerIP Blacklist CheckerDomain Blacklist CheckerSPF FlattenerDKIM Selector FinderSMTP/MX Tester

Secure & Monitor

Record generators, policy hosting and continuous monitoring.

Network & Web

Network tools, web page analysis and certificates.

IP Tools

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

IPv6 subnet calculator

Calculate IPv6 subnets, address ranges and reverse DNS entries.

Certificates & BIMI

BIMI logo lookup

Inspect a BIMI logo URL - format, metadata and live rendering - before rollout.

BIMI SVG converter

Convert any SVG to BIMI-compliant Tiny-PS format in seconds.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate - issuer, validity and SAN coverage - before you publish BIMI.

Web

Page size checker

Check if your page exceeds Google's 2 MB crawl limit.

Phishing URL Checker

Check if a URL is flagged as phishing or malware by 4 threat intelligence sources.

Redirect Checker

Analyze HTTP redirect chains

Domain Redirect

Redirect your domains with automatic HTTPS and 301/302 redirects.

Developer Tools

Text utilities and tools for everyday dev work.

Text

Transform and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Password generator

Generate strong random passwords and memorable passphrases instantly.

Developer

Encoding, hashing, regex and formatting for everyday dev work.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Hash Generator

Compute MD5, SHA-1, SHA-256 and SHA-512 hashes of any text.

URL encoder / decoder

Encode or decode text using percent-encoding (RFC 3986) right in your browser.

Regex Tester

Test a regular expression against text and visualize matches.

JSON / YAML Formatter

Format, validate and convert JSON and YAML in one click.

61/ 100

Heineken

theheinekencompany.com · 🇳🇱 NL · consumer-staples

🇳🇱 AEX

Scan week: 2026-03-23

  • Heineken scores 61/100 and receives a grade of C in the Email Security Observatory.
  • This score is 19 points above the global average of 42/100, placing Heineken among the better-protected companies.
  • Heineken ranks #124 out of 1601 companies globally in the email security observatory.
  • The score is unchanged from last week.
  • Outbound email security - covering DMARC, SPF, DKIM and BIMI - scores 64/100 (C).
  • Inbound email protection - covering MX, MTA-STS, DANE and TLS-RPT - scores 40/100 (D).
  • DNS security (DNSSEC) scores 100/100 (A+).
  • 6 recommendations have been identified to improve Heineken's email security posture.
  • Score history spans 4 weeks, enabling week-over-week tracking of email authentication progress.

Outbound

50%
C
64/ 100
dmarc
40/40A
spf
24/30B
dkim
0/25F
bimi
0/5F

Inbound

35%
D
40/ 100
mx
40/40A
mta-sts
0/30F
dane
0/15F
tls-rpt
0/15F

DNS Security

15%
A+
100/ 100
dnssec
100/100A

Rankings

global

#124 / 1601

index aex

#7 / 25

country NL

#8 / 26

sector consumer-staples

#12 / 119

Score history

61
03-23
59
03-16
59
03-09
59
03-02

Recommendations

Highdkim

No DKIM key detected for this domain

Mediumspf

Switch to -all (hardfail) for strict SPF enforcement

Mediummta-sts

Deploy MTA-STS to enforce TLS for inbound email

Lowbimi

Add a BIMI record with your logo to improve brand visibility in inboxes

Lowtls-rpt

Add a TLS-RPT record to receive TLS failure reports

Lowdane

Add DANE/TLSA records to authenticate your MX certificates via DNS

Understanding the company audit

Each company in the Observatory is analyzed weekly for email authentication standards. The audit provides a comprehensive view of the company's email security posture.

What this page shows:

  • Total score - A score out of 100 reflecting overall email security maturity
  • Letter grade - From A+ (excellent) to F (significant gaps)
  • Per-standard analysis - Individual scores for SPF, DKIM, DMARC, BIMI, MTA-STS, DANE/TLSA and DNSSEC
  • Recommendations - Prioritized steps to improve the score

Standards evaluated

  1. SPF - Sender Policy Framework prevents unauthorized servers from sending email on behalf of the domain
  2. DKIM - DomainKeys Identified Mail ensures emails are signed and unaltered during transit
  3. DMARC - Domain-based Message Authentication, Reporting and Conformance ties SPF and DKIM together with a policy
  4. BIMI - Brand Indicators for Message Identification displays the brand logo in supporting email clients
  5. MTA-STS - Mail Transfer Agent Strict Transport Security enforces TLS encryption for inbound email
  6. DNSSEC - Domain Name System Security Extensions prevent DNS spoofing attacks

FAQ - Frequently asked questions

Q: How is the score calculated?

A: Points are awarded for each standard based on configuration quality, totaling up to 100.

Q: What do the grades mean?

A: A+ is excellent (90-100), F indicates significant gaps (below 50).

PagePurpose
Observatory DashboardOverall overview with key metrics
StatisticsCross-index and cross-sector comparison
Email Domain CheckAudit your own domain