DNS & Email Security Report for globalcyberalliance.org

An automated analysis of globalcyberalliance.org's DNS configuration, email authentication (SPF, DKIM, DMARC), DNSSEC chain, IPv6 readiness, and transport security. Last analyzed June 10, 2026.

A90/100

Very Good

Strong security posture

Overall security score: 90/100 · Grade A (Very Good)

This report is a cached snapshot

DNS changes frequently. Run a fresh, interactive scan of globalcyberalliance.org for live records, propagation, and deep checks.

Run a fresh live scan

Detailed check results

DNS

100%pass

A record presentcritical
3 A record(s) found
AAAA record presentrecommended
3 AAAA record(s) found
MX records presentrecommended
5 MX record(s) found
NS records presentcritical
2 NS record(s) found
SOA record presentcritical
SOA record found
Multiple nameserversrecommended
2 nameservers configured ✓
SOA serial formatinfo
Serial 2406445337 (valid, managed DNS format)
SOA timers validinfo
Refresh: 10000s ✓, Retry: 2400s ✓, Expire: 604800s ✓
No lame nameserversinfo
2 NS all responding ✓
Glue records presentinfo
No glue needed
WWW record configuredinfo
A record matches apex
MX servers have PTR recordsinfo
10 MX IPs all have PTR records ✓
MX servers have FCrDNSinfo
10 MX IPs have forward-confirmed reverse DNS ✓

DNSSEC

100%pass

DNSSEC signedrecommended
DNSSEC is enabled ✓
DNSSEC validation OKcritical
DNSSEC validates correctly ✓
NSEC3 RFC 9276 compliantrecommended
Not applicable (domain uses NSEC or is not DNSSEC-signed)
RRSIG signatures validrecommended
RRSIG signature expires in 1 days — renewal needed
Modern DNSSEC algorithmoptional
ECDSA P-256 (algorithm 13) — modern ✓
DS digest algorithm modernrecommended
DS digest: SHA-256 — modern ✓
DNSKEY algorithm secureoptional
DNSKEY: ECDSA P-256 — modern ✓
RRSIG TTL saferecommended
Record TTLs do not exceed RRSIG validity periods ✓
Chain of trust completecritical
Complete chain: DNSKEY + DS + RRSIG ✓

IPv6

100%pass

Website reachable via IPv6recommended
3 AAAA record(s) ✓
Mail servers reachable via IPv6recommended
5/5 MX server(s) with IPv6 ✓
Nameservers reachable via IPv6recommended
2/2 NS server(s) with IPv6 ✓

Email security

85%pass

SPF record presentcritical
v=spf1 include:_spf.mlsend.com include:_u.globalcyberalliance.org._spf.smart.ondmarc.com include:_spf.google.com -all
SPF syntax validcritical
SPF syntax is correct ✓
SPF policy strict (-all)recommended
SPF uses -all (hard fail) ✓
DKIM foundrecommended
DKIM selector: k1 ✓
DMARC record presentrecommended
v=DMARC1; p=reject; fo=1; rua=mailto:[email protected],mailto:[email protected],mailto:[email protected]; ruf=mailto:[email protected],mailto:[email protected];
DMARC policy quarantine or betterrecommended
DMARC policy: reject ✓
DMARC policy rejectoptional
DMARC policy: reject ✓
BIMI record presentoptional
BIMI logo: https://bimi.entrust.net/globalcyberalliance.org/logo.svg
BIMI configuration validoptional
BIMI correctly configured ✓
MTA-STS record presentoptional
MTA-STS configured ✓
MTA-STS policy enforcedoptional
MTA-STS not configured
MX records validcritical
5 MX record(s) ✓
MX domains use DNSSECrecommended
0/1 MX domain(s) have DNSSEC. Ask your mail provider to enable DNSSEC
MX DNSSEC validation OKrecommended
DNSSEC not enabled for MX domains
Mail servers not blacklistedcritical
1 MX server(s) checked against 16 blacklists - clean ✓
No critical blacklist listingscritical
No blacklist listings ✓

Web security

70%warning

CAA records presentrecommended
10 CAA record(s) ✓
CAA policy strictoptional
CAA limits certificate authorities ✓
TLSA records (DANE)optional
No TLSA/DANE records. Add TLSA at _25._tcp.mail for DANE email encryption
DANE configuration validoptional
No DANE configured
No sensitive info in TXTcritical
No sensitive data leaked ✓
Verification records reviewedinfo
3 verification record(s): Google, Microsoft 365, Apple. Consider if all are still needed
HTTPS availablecritical
HTTPS working (status 403) ✓
Valid certificatecritical
Certificate chain is valid and trusted ✓
HTTP redirects to HTTPScritical
HTTP automatically redirects to HTTPS ✓
HSTS enabledrecommended
HSTS enabled (max-age=15552000, includeSubDomains, preload) ✓
HSTS max-age >= 1 yearoptional
max-age=15552000 is too short. Set to 31536000 (1 year) or higher
X-Frame-Options headerrecommended
X-Frame-Options: SAMEORIGIN ✓
X-Content-Type-Options headerrecommended
X-Content-Type-Options: nosniff ✓
Content-Security-Policy headerrecommended
No Content-Security-Policy header. Add CSP to prevent XSS and other injection attacks
Referrer-Policy headerrecommended
Referrer-Policy: same-origin ✓
security.txt presentoptional
No security.txt. Create /.well-known/security.txt with Contact and Expires fields (RFC 9116)
security.txt validoptional
No security.txt configured
HTTP/3 (QUIC) supportedoptional
HTTP/3 (QUIC v1) on port 443 Detection methods: QUIC probe: inconclusive (no reply — trigger may be dropped or UDP/443 filtered) Alt-Svc header: h3=":443" Cache: 24h (ma=86400) HTTPS DNS record: alpn="h3, h2" Encrypted Client Hello (ECH): supported
QUIC UDP reachableinfo
QUIC probe inconclusive (no reply — trigger may be dropped or UDP/443 filtered). Not a negative signal; h3 is judged from Alt-Svc / HTTPS record
HTTPS DNS record (SVCB)optional
HTTPS record advertises h3, h2 ✓ + ECH

About this report

IntoDNS.AI evaluates globalcyberalliance.org against DNS hygiene, email authentication, and transport-security best practices, scoring each check and rolling them up into an overall grade. Results reflect public DNS as observed on June 10, 2026 and may differ from a live scan if the domain has since changed its configuration.

Setup guides

Free tools

Want to check your own domain? Scan any domain on the homepage.

Last analyzed: June 10, 2026 · Google Public DNS