Skip to main content
Log in
CaptainDNS

Email Diagnostics

Tools to verify and validate your email authentication setup.

SPF
DKIM
DMARC
DMARCbis
BIMI
MTA-STS
TLS-RPT
DANE / TLSA

Deliverability

Email deliverability auditMail header analyzerEmail testerIP Blacklist CheckerDomain Blacklist CheckerSPF FlattenerDKIM Selector FinderSMTP/MX Tester

Secure & Monitor

Record generators, policy hosting and continuous monitoring.

Network & Web

Network tools, web page analysis and certificates.

IP Tools

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

IPv6 subnet calculator

Calculate IPv6 subnets, address ranges and reverse DNS entries.

Certificates & BIMI

BIMI logo lookup

Inspect a BIMI logo URL - format, metadata and live rendering - before rollout.

BIMI SVG converter

Convert any SVG to BIMI-compliant Tiny-PS format in seconds.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate - issuer, validity and SAN coverage - before you publish BIMI.

Web

Page size checker

Check if your page exceeds Google's 2 MB crawl limit.

Phishing URL Checker

Check if a URL is flagged as phishing or malware by 4 threat intelligence sources.

Redirect Checker

Analyze HTTP redirect chains

Domain Redirect

Redirect your domains with automatic HTTPS and 301/302 redirects.

HTTP Uptime Monitor

Monitor your sites with scheduled HTTP checks and email alerts.

Status Pages

Publish a public status page grouping your HTTP monitors.

Developer Tools

Text utilities and tools for everyday dev work.

Text

Transform and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Password generator

Generate strong random passwords and memorable passphrases instantly.

Developer

Encoding, hashing, regex and formatting for everyday dev work.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Hash Generator

Compute MD5, SHA-1, SHA-256 and SHA-512 hashes of any text.

URL encoder / decoder

Encode or decode text using percent-encoding (RFC 3986) right in your browser.

Regex Tester

Test a regular expression against text and visualize matches.

JSON / YAML Formatter

Format, validate and convert JSON and YAML in one click.

🇪🇸 Email Security in Spain

Weekly audit of email security across 34 listed companies headquartered in Spain.

34 companies analysed · Scan week: 2026-03-23

  • Listed companies headquartered in Spain score an average of 48/100 for email authentication and DNS security.
  • 0% of Spain companies achieve grades A+ or A in email security, while 56% score D or F.
  • This is 6 points above the global average of 42 across all 1601 companies in the observatory.
  • DMARC email authentication is deployed by 94.1% of Spain companies, with 61.8% enforcing a reject policy to prevent domain spoofing.
  • SPF records are published on 94% of analysed domains, authorizing legitimate email senders.
  • BIMI brand indicator adoption stands at 9% in Spain.
  • MTA-STS enforced TLS encryption is deployed by 0% of companies, securing inbound email delivery.
  • DNSSEC domain signing is active on 8.8% of Spain domains.
  • The highest-scoring company is CaixaBank with 75/100 (B).
  • Banco Sabadell trails at 15/100, with significant room for improvement.
  • Scores range from 15 to 75 with a median of 48, showing disparate email security postures across Spain listed companies.

Average score

48/ 100

DMARC reject

61.8%

BIMI configured

9%

MTA-STS enforce

0%

DNSSEC enabled

8.8%

0
A+
0
A
2
B
13
C
18
D
1
F

48

Average

48

Median

15

Min

75

Max

Grade
1CaixaBankcaixabank.com75B
2Fluidrafluidra.com73B
3Amadeus IT Groupamadeus.com67C
4Repsolrepsol.com66+2C
5BBVAbbva.com59C
6Inditexinditex.com58C
7Acerinoxacerinox.com56C
8Aenaaena.es54C
9ACSgrupoacs.com53C
10International Consolidated Airlines Groupiairgroup.com52C
11Mapfremapfre.com52C
12Red Eléctricaree.es52C
13Sacyrsacyr.com52C
14Enagásenagas.es50C
15EDP Renováveisedpr.com50C
16Cellnex Telecomcellnex.com49D
17Ferrovialferrovial.com49D
18Bankinterbankinter.com47D
19Banco Santandersantander.com47D
20Colonialinmocolonial.com46D
21CIE Automotivecieautomotive.com46D
22Merlin Propertiesmerlinproperties.es46D
23Naturgynaturgy.com46D
24Accionaacciona.com46D
25Unicaja Bancounicajabanco.es45D
26Indraindracompany.com44D
27Iberdrolaiberdrola.com43+2D
28Telefónicatelefonica.com42D
29Grifolsgrifols.com36D
30Endesaendesa.com33D
31PharmaMarpharmamar.com32D
32Solariasolaria.es32D
33Meliá Hotelsmeliahotelsinternational.com31+2D
34Banco Sabadellgrupbancsabadell.com15F

Understanding country-level analysis

Grouping companies by country reveals how corporate email security practices vary across markets. Countries with stricter regulatory environments or more mature cybersecurity ecosystems tend to show higher average scores.

What this page shows:

  • Average score - The mean email security score across all listed companies in this country
  • Grade distribution - How many companies fall into each grade bracket (A+ through F)
  • DMARC reject rate - The percentage of companies enforcing strict DMARC policies
  • Company table - Individual scores, grades and key indicator status

Key standards tracked

Each company is evaluated on:

  1. SPF - Is the sending policy properly configured? Does it use -all (hard fail)?
  2. DKIM - Are signing keys published and strong enough (2048-bit minimum)?
  3. DMARC - Is a policy in place? Is it set to quarantine or reject?
  4. BIMI - Is the brand logo published for inbox display?
  5. MTA-STS - Is inbound email transport encryption enforced?
  6. DNSSEC - Is the DNS zone signed to prevent spoofing?

FAQ - Frequently asked questions

Q: How are companies grouped by country?

A: Based on the stock exchange where they are listed.

Q: What standards are checked?

A: SPF, DKIM, DMARC, BIMI, MTA-STS, DANE/TLSA and DNSSEC.

Q: Can I compare countries?

A: Yes, via the Statistics page.

PagePurpose
Observatory DashboardOverall overview with key metrics
StatisticsCross-country and cross-sector comparison
Email Domain CheckAudit your own domain