Skip to main content
Log in
CaptainDNS

Email Diagnostics

Tools to verify and validate your email authentication setup.

SPF
DKIM
DMARC
DMARCbis
BIMI
MTA-STS
TLS-RPT
DANE / TLSA

Deliverability

Email deliverability auditMail header analyzerEmail testerIP Blacklist CheckerDomain Blacklist CheckerSPF FlattenerDKIM Selector FinderSMTP/MX Tester

Secure & Monitor

Record generators, policy hosting and continuous monitoring.

Network & Web

Network tools, web page analysis and certificates.

IP Tools

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

IPv6 subnet calculator

Calculate IPv6 subnets, address ranges and reverse DNS entries.

Certificates & BIMI

BIMI logo lookup

Inspect a BIMI logo URL - format, metadata and live rendering - before rollout.

BIMI SVG converter

Convert any SVG to BIMI-compliant Tiny-PS format in seconds.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate - issuer, validity and SAN coverage - before you publish BIMI.

Web

Page size checker

Check if your page exceeds Google's 2 MB crawl limit.

Phishing URL Checker

Check if a URL is flagged as phishing or malware by 4 threat intelligence sources.

Redirect Checker

Analyze HTTP redirect chains

Domain Redirect

Redirect your domains with automatic HTTPS and 301/302 redirects.

HTTP Uptime Monitor

Monitor your sites with scheduled HTTP checks and email alerts.

Status Pages

Publish a public status page grouping your HTTP monitors.

Developer Tools

Text utilities and tools for everyday dev work.

Text

Transform and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Password generator

Generate strong random passwords and memorable passphrases instantly.

Developer

Encoding, hashing, regex and formatting for everyday dev work.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Hash Generator

Compute MD5, SHA-1, SHA-256 and SHA-512 hashes of any text.

URL encoder / decoder

Encode or decode text using percent-encoding (RFC 3986) right in your browser.

Regex Tester

Test a regular expression against text and visualize matches.

JSON / YAML Formatter

Format, validate and convert JSON and YAML in one click.

🇭🇰 Email Security in Hong Kong

Weekly audit of email security across 23 listed companies headquartered in Hong Kong.

23 companies analysed · Scan week: 2026-03-23

  • Listed companies headquartered in Hong Kong score an average of 43/100 for email authentication and DNS security.
  • 0% of Hong Kong companies achieve grades A+ or A in email security, while 57% score D or F.
  • This is 1 points above the global average of 42 across all 1601 companies in the observatory.
  • DMARC email authentication is deployed by 78.3% of Hong Kong companies, with 17.4% enforcing a reject policy to prevent domain spoofing.
  • SPF records are published on 96% of analysed domains, authorizing legitimate email senders.
  • BIMI brand indicator adoption stands at 0% in Hong Kong.
  • MTA-STS enforced TLS encryption is deployed by 0% of companies, securing inbound email delivery.
  • DNSSEC domain signing is active on 13% of Hong Kong domains.
  • The highest-scoring company is CLP Holdings with 61/100 (C).
  • Sands China trails at 15/100, with significant room for improvement.
  • Scores range from 15 to 61 with a median of 44, showing disparate email security postures across Hong Kong listed companies.

Average score

43/ 100

DMARC reject

17.4%

BIMI configured

0%

MTA-STS enforce

0%

DNSSEC enabled

13%

0
A+
0
A
0
B
10
C
8
D
5
F

43

Average

44

Median

15

Min

61

Max

Grade
1CLP Holdingsclpgroup.com61C
2Power Assets Holdingspowerassets.com59C
3CK Asset Holdingsckah.com56C
4CK Infrastructurecki.com.hk56C
5Hong Kong Exchanges and Clearinghkexgroup.com53C
6MTR Corporationmtr.com.hk53C
7BOC Hong Kongbochk.com52C
8Henderson Landhld.com52C
9Link REITlinkreit.com51C
10CK Hutchisonckh.com.hk51C
11Chow Tai Fookchowtaifook.com48D
12Hang Seng Bankhangseng.com44D
13Budweiser APACbudweiserapac.com44D
14New World Developmentnwd.com.hk42D
15Galaxy Entertainmentgalaxyentertainment.com41D
16AIA Groupaia.com39D
17Techtronic Industriesttigroup.com35D
18Orient Overseas Container Lineoocl.com35D
19Kingboard Holdingskingboard.com29F
20Wharf REICwharfreic.com26F
21Sun Hung Kai Propertiesshkp.com26F
22Hang Lung Propertieshanglung.com21F
23Sands Chinasandschina.com15F

Understanding country-level analysis

Grouping companies by country reveals how corporate email security practices vary across markets. Countries with stricter regulatory environments or more mature cybersecurity ecosystems tend to show higher average scores.

What this page shows:

  • Average score - The mean email security score across all listed companies in this country
  • Grade distribution - How many companies fall into each grade bracket (A+ through F)
  • DMARC reject rate - The percentage of companies enforcing strict DMARC policies
  • Company table - Individual scores, grades and key indicator status

Key standards tracked

Each company is evaluated on:

  1. SPF - Is the sending policy properly configured? Does it use -all (hard fail)?
  2. DKIM - Are signing keys published and strong enough (2048-bit minimum)?
  3. DMARC - Is a policy in place? Is it set to quarantine or reject?
  4. BIMI - Is the brand logo published for inbox display?
  5. MTA-STS - Is inbound email transport encryption enforced?
  6. DNSSEC - Is the DNS zone signed to prevent spoofing?

FAQ - Frequently asked questions

Q: How are companies grouped by country?

A: Based on the stock exchange where they are listed.

Q: What standards are checked?

A: SPF, DKIM, DMARC, BIMI, MTA-STS, DANE/TLSA and DNSSEC.

Q: Can I compare countries?

A: Yes, via the Statistics page.

PagePurpose
Observatory DashboardOverall overview with key metrics
StatisticsCross-country and cross-sector comparison
Email Domain CheckAudit your own domain