Skip to main content
Log in
CaptainDNS

Email Diagnostics

Tools to verify and validate your email authentication setup.

SPF
DKIM
DMARC
DMARCbis
BIMI
MTA-STS
TLS-RPT
DANE / TLSA

Deliverability

Email deliverability auditMail header analyzerEmail testerIP Blacklist CheckerDomain Blacklist CheckerSPF FlattenerDKIM Selector FinderSMTP/MX Tester

Secure & Monitor

Record generators, policy hosting and continuous monitoring.

Network & Web

Network tools, web page analysis and certificates.

IP Tools

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

IPv6 subnet calculator

Calculate IPv6 subnets, address ranges and reverse DNS entries.

Certificates & BIMI

BIMI logo lookup

Inspect a BIMI logo URL - format, metadata and live rendering - before rollout.

BIMI SVG converter

Convert any SVG to BIMI-compliant Tiny-PS format in seconds.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate - issuer, validity and SAN coverage - before you publish BIMI.

Web

Page size checker

Check if your page exceeds Google's 2 MB crawl limit.

Phishing URL Checker

Check if a URL is flagged as phishing or malware by 4 threat intelligence sources.

Redirect Checker

Analyze HTTP redirect chains

Domain Redirect

Redirect your domains with automatic HTTPS and 301/302 redirects.

HTTP Uptime Monitor

Monitor your sites with scheduled HTTP checks and email alerts.

Status Pages

Publish a public status page grouping your HTTP monitors.

Developer Tools

Text utilities and tools for everyday dev work.

Text

Transform and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Password generator

Generate strong random passwords and memorable passphrases instantly.

Developer

Encoding, hashing, regex and formatting for everyday dev work.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Hash Generator

Compute MD5, SHA-1, SHA-256 and SHA-512 hashes of any text.

URL encoder / decoder

Encode or decode text using percent-encoding (RFC 3986) right in your browser.

Regex Tester

Test a regular expression against text and visualize matches.

JSON / YAML Formatter

Format, validate and convert JSON and YAML in one click.

🇩🇪 Email Security in Germany

Weekly audit of email security across 38 listed companies headquartered in Germany.

38 companies analysed · Scan week: 2026-03-23

  • Listed companies headquartered in Germany score an average of 54/100 for email authentication and DNS security.
  • 3% of Germany companies achieve grades A+ or A in email security, while 37% score D or F.
  • This is 12 points above the global average of 42 across all 1601 companies in the observatory.
  • DMARC email authentication is deployed by 97.4% of Germany companies, with 63.2% enforcing a reject policy to prevent domain spoofing.
  • SPF records are published on 89% of analysed domains, authorizing legitimate email senders.
  • BIMI brand indicator adoption stands at 16% in Germany.
  • MTA-STS enforced TLS encryption is deployed by 21% of companies, securing inbound email delivery.
  • DNSSEC domain signing is active on 26.3% of Germany domains.
  • The highest-scoring company is Beiersdorf with 90/100 (A).
  • Zalando trails at 19/100, with significant room for improvement.
  • Scores range from 19 to 90 with a median of 54, showing disparate email security postures across Germany listed companies.

Average score

54/ 100

DMARC reject

63.2%

BIMI configured

16%

MTA-STS enforce

21%

DNSSEC enabled

26.3%

0
A+
1
A
5
B
18
C
11
D
3
F

54

Average

54

Median

19

Min

90

Max

Grade
1Beiersdorfbeiersdorf.com90A
2Freseniusfresenius.com81B
3Heidelberg Materialsheidelbergmaterials.com75B
4Münchener Rück (Munich Re)munichre.com73B
5Merck KGaAmerckgroup.com70B
6Commerzbankcommerzbank.com70B
7BASFbasf.com67-3C
8Henkelhenkel.com65C
9Sartoriussartorius.com64C
10Porsche AGporsche.com63C
11Siemenssiemens.com61C
12SAPsap.com60+2C
13Allianzallianz.com60C
14Covestrocovestro.com59C
15MTU Aero Enginesmtu.de57C
16Deutsche Bankdb.com56+1C
17Brenntagbrenntag.com56C
18BMWbmwgroup.com55C
19Siemens Energysiemens-energy.com54C
20Porsche SEporsche-se.com54C
21Siemens Healthineerssiemens-healthineers.com53+1C
22Deutsche Börsedeutsche-boerse.com52C
23RWErwe.com52C
24Adidasadidas-group.com51C
25Symrisesymrise.com49D
26Deutsche Post (DHL)dpdhl.com48D
27Daimler Truckdaimlertruck.com48D
28E.ONeon.com47-2D
29Deutsche Telekomtelekom.com46D
30Continentalcontinental.com45D
31Infineoninfineon.com45D
32Deutsche Lufthansalufthansagroup.com43D
33Mercedes-Benzmercedes-benz.com43D
34Hannover Rehannover-re.com40D
35Bayerbayer.com31D
36Vonoviavonovia.com29F
37Rheinmetallrheinmetall.com27F
38Zalandocorporate.zalando.com19+1F

Understanding country-level analysis

Grouping companies by country reveals how corporate email security practices vary across markets. Countries with stricter regulatory environments or more mature cybersecurity ecosystems tend to show higher average scores.

What this page shows:

  • Average score - The mean email security score across all listed companies in this country
  • Grade distribution - How many companies fall into each grade bracket (A+ through F)
  • DMARC reject rate - The percentage of companies enforcing strict DMARC policies
  • Company table - Individual scores, grades and key indicator status

Key standards tracked

Each company is evaluated on:

  1. SPF - Is the sending policy properly configured? Does it use -all (hard fail)?
  2. DKIM - Are signing keys published and strong enough (2048-bit minimum)?
  3. DMARC - Is a policy in place? Is it set to quarantine or reject?
  4. BIMI - Is the brand logo published for inbox display?
  5. MTA-STS - Is inbound email transport encryption enforced?
  6. DNSSEC - Is the DNS zone signed to prevent spoofing?

FAQ - Frequently asked questions

Q: How are companies grouped by country?

A: Based on the stock exchange where they are listed.

Q: What standards are checked?

A: SPF, DKIM, DMARC, BIMI, MTA-STS, DANE/TLSA and DNSSEC.

Q: Can I compare countries?

A: Yes, via the Statistics page.

PagePurpose
Observatory DashboardOverall overview with key metrics
StatisticsCross-country and cross-sector comparison
Email Domain CheckAudit your own domain