Red Shield IT Inc. logo Red Shield IT Inc.Managed IT & Cybersecurity Book a Consultation
Home/Security Tools/Email Security Grader

Free Email Security Tool

Check how well your domain is protected against spoofing, phishing, and email impersonation.

Enter your business domain to review MX records, SPF, DMARC, MTA-STS, TLS-RPT, BIMI, and the reporting controls that help reduce email spoofing exposure.

Run the Tool Talk to Red Shield IT

Run the Tool

What this tool checks

The email grader focuses on the DNS and policy signals that determine whether your domain is easy to spoof, whether Microsoft 365 or another mail platform is being protected properly, and whether reporting is available when impersonation attempts happen.

Enter only the business domain, without http:// or a mailbox address.

Email Security Score

Run the tool to see your results.

When a result is ready, you’ll see your score or risk level, plain-English findings, and the next actions worth prioritizing.

How To Use This Result Safely

Helpful guidance, not a final security or legal conclusion.

This tool uses public records, safe response metadata, or the answers you provide. It does not perform intrusive testing or exploit scanning.

  • Use this result as educational guidance and a discussion starter, not as a penetration test, exploit scan, or final security verdict.
  • Do not treat the result as legal, compliance, insurance, or regulatory advice.
  • Important decisions should still be validated through a professional review of your real environment, vendors, and business requirements.

What this tool checks

The email grader focuses on the DNS and policy signals that determine whether your domain is easy to spoof, whether Microsoft 365 or another mail platform is being protected properly, and whether reporting is available when impersonation attempts happen.

  • MX records so your domain is actually configured for business email
  • SPF to help define which systems are allowed to send on your behalf
  • DMARC presence, policy strength, and reporting options
  • MTA-STS, TLS-RPT, and BIMI records when available

Why email security matters

Businesses are often targeted through invoice fraud, password reset lures, fake executive emails, and mailbox impersonation. SPF and DMARC do not solve every phishing problem, but they are foundational controls that make domain spoofing harder and improve your visibility into abuse.

Professional Review

Want a professional review of your results?

If your results show weak SPF or DMARC coverage, Red Shield IT can help you review Microsoft 365 mail flow, tighten sender alignment, and reduce spoofing exposure safely.

What a consultation can help clarify

  • Whether the result reflects a configuration gap, an operational gap, or both
  • Which issues should be prioritized first for security or business impact
  • What a realistic remediation plan looks like for your environment

Related Tools

Explore the checks that usually pair well with this result.

Domain Security & DNS Health Checker

Check nameservers, DNSSEC, CAA, MX, SPF, and DMARC for your business domain. Review DNS health, email authentication, and domain security posture with plain-English guidance.

Open Tool

Microsoft 365 Security Readiness Score

Measure Microsoft 365 security readiness with a practical checklist covering MFA, conditional access, forwarding rules, backups, device management, and phishing controls.

Open Tool

Phishing Email Risk Checker

Paste suspicious email text to review urgency, impersonation, fake invoice language, suspicious links, and other phishing indicators.

Open Tool

FAQ

Common questions about Email Security Grader.

What does DMARC actually do?

DMARC helps receiving mail systems decide what to do with messages that fail SPF and DKIM alignment. It can also send reports that help you understand who is attempting to send on behalf of your domain.

Is a p=none DMARC policy good enough?

A p=none policy is a useful starting point because it enables reporting, but it does not tell receivers to quarantine or reject failing messages. Stronger enforcement usually comes from moving to quarantine and eventually reject once legitimate senders are aligned.

Does this replace a Microsoft 365 security review?

No. This tool checks domain-level email authentication signals. A Microsoft 365 security review also looks at MFA, conditional access, forwarding controls, user roles, mailbox protections, and tenant administration.