DNS Analysis Results

apple.com
New Analysis
DNS & Trust Posture: PARTIAL
Some critical security controls are missing.
1 issue
Findings Summary
Action Required:
  • DNSSEC not enabled (DNS responses can be spoofed)
Configured:
  • BIMI (brand logo configured)
Not Configured:
  • MTA-STS (email TLS policy)
  • TLS-RPT (TLS delivery reporting)
Registrar (RDAP)
NOM-IQ Ltd dba Com Laude
Where you pay to own domain
Email Service Provider
Apple.Com
Where email is hosted (MX)
Web Hosting
Unknown
Where website is hosted
DNS Hosting
Standard
Where DNS records are edited
Email Security Can this domain be impersonated by email? No
Verdict: Receivers can cryptographically verify mail and will reject spoofed messages.
SPF Record Success

Valid SPF record found

v=spf1 include:_spf.apple.com include:_spf-txn.apple.com ~all
DMARC Policy Success REJECT

DMARC policy is set to "reject" - excellent protection

v=DMARC1; p=quarantine; sp=reject; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com;
DKIM Records Success

Found DKIM records for 2 selector(s)

selector1._domainkey
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGh555cVTGrCFyGsKqZyAehAhyNLVzwSCNdtgBSol5e/KboxA6edyqdfl1EL279hNdHM9UWcXcgk/HhKPQdmgzMTA927ZXxrsHxMHjVl7Bid78qOIebr75prj3jxuH8KrZfNe14l/dh6TJZt/SkEncmhbVx/tNy9lrHkN5T7LXjQIDAQAB; n=1024,1483209771,1498848171
selector2._domainkey
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw9ZicGGW3gn0iKQfcnOsMVy+uLl+YMFonHmEslnpniYxIZ8z0Fn5nY2Gx/m69EHq05WQ8zQ0hRP8d/B0lrPIm6O3c2hiO1sQrJUnwH3jo0/asN6kRFXjTiU/PdlmWhyLdYSv80zNlKpq7qWnsvtlTfJhatEJATM1gZOtspjqLzQIDAQAB; n=1024,1483209771,1
MTA-STS Warning

No valid MTA-STS record found

TLS-RPT Warning

No TLS-RPT record found

Brand Security Can my brand be convincingly faked? No
Verdict: Attackers cannot easily spoof your logo or obtain fraudulent TLS certificates.
BIMI (Brand Logo) Success VMC

BIMI configured with VMC certificate - brand logo will display in supported email clients

VMC verified - logo displays in Gmail, Apple Mail, and all major providers.
v=BIMI1;l=https://www.apple.com/bimi/v2/apple.svg;a=https://www.apple.com/bimi/v2/apple.pem;
BIMI Logo
Logo found View full logo
CAA (Certificate Authority) Success IODEF

CAA configured - only pki.apple.com can issue certificates

Authorized CAs: pki.apple.com
0 issuewild "pki.apple.com"
0 iodef "mailto:contact_pki@apple.com"
0 issue "pki.apple.com"
Domain Security Can DNS itself be tampered with? Partially
Verdict: Delegation is verified but DNS responses are unsigned and could be spoofed.
DNSSEC Unsigned

DNSSEC not configured - DNS responses are unsigned

Without DNSSEC, DNS responses can be spoofed. Enable at your DNS provider for cryptographic verification.
NS Delegation Verified

4 nameserver(s) configured

Nameservers: a.ns.apple.com b.ns.apple.com c.ns.apple.com d.ns.apple.com
Traffic & Routing Where traffic flows & how services resolve
AIPv4 Address
17.253.144.10
Where the domain points for web traffic
AAAAIPv6 Address
2620:149:af0::10
IPv6 ready
MXMail Servers
20 mx-in-ma.apple.com.
10 mx-in.g.apple.com.
20 mx-in-hfd.apple.com.
20 mx-in-sg.apple.com.
20 mx-in-vib.apple.com.
20 mx-in-rn.apple.com.
Priority + mail server for email delivery
SRVServices
No SRV records
No service-specific routing configured
Web: Reachable (1 IPv4, 1 IPv6) Mail: 6 servers Services: None
Δ No Propagation Issues: All DNS records are synchronized between resolver and authoritative nameserver.
Evidence: Resolver Records (Raw DNS data)
A 1 record
Synchronized
17.253.144.10
AAAA 1 record
Synchronized
2620:149:af0::10
MX 6 records
Synchronized
20 mx-in-ma.apple.com.
10 mx-in.g.apple.com.
20 mx-in-hfd.apple.com.
20 mx-in-sg.apple.com.
20 mx-in-vib.apple.com.
20 mx-in-rn.apple.com.
TXT 19 records
Synchronized
facebook-domain-verification=n6cqjfucq6plswmtfbwnbbeu1qiq3v
adobe-idp-site-verification=6bd5e74c-a3a0-4781-b2e1-e95399b5e11c
google-site-verification=zBSq1mG5ssu2If-C17UAz_MzSZDcx03MVxmeDwMNc5w
v=spf1 include:_spf.apple.com include:_spf-txn.apple.com ~all
apple-domain-verification=X5Jt76bn3Dnmgzjj
miro-verification=2494d255c4c50b1e521650a0659cbf3fa08b0072
google-site-verification=8M6XjQCzydT62jk8HY3VXPAG-nKDllTRV-JpA3-Ktyw
cerner-client-id=ce3abf18-ee87-43b9-9927-9eb24b4bac4a
Dynatrace-site-verification=7d881a7c-c13f-4146-9d27-2731459e2509__iqls0105tagglcsaul0m16ibrf
atlassian-domain-verification=mLabq99iaT8kquJechF6l31FAYoNUe3WB7tLpLFUiUYVJCse9SKq83hOJzFkwqrh
cerner-client-id=22dd1d8a-5e8b-4e1e-80ef-39bcdfd42798
json:eyJ3aHkiOiJUaGlzIGlzIHRvIHRydW5jYXRlIFVEUCByZXNwb25zZXMgZm9yIFRYVCBxdWVyaWVzIHRvIGFwcGxlLmNvbSIsInBhZGRpbmciOiJxdWFoMGVpamFhNGVlajh0aWVkYWlnaG9jZWljaGFlOGVUb3ppZTVmdTVhaFRoMldlaU00aWsyaHVxdThpZXBoaWVxdW9oc2hlaXBhZWdoOUthZWw3b2NoaWVuZ2llem9lc2g1In0K
yahoo-verification-key=Ay+djyw0qWQgXKWGA/jstjYryTMrKb+PBXI5l8u5/jw=
google-site-verification=L5kkMdiFI8npvb6KlHui84fJaCw5G64DWhaDRIAT4_c
cisco-ci-domain-verification=6f3bfb849796a518061f8e8c4356f687a138502d86db742791685059176547dd
webexdomainverification.8C462=b728ec3f-dfc9-42f9-92cb-9ba8853cbee8
77a4a6de-da14-449c-83c4-85366e0f55f9
ValidationTokenValue=77a4a6de-da14-449c-83c4-85366e0f55f9
json:eyJ3aHkiOiJUaGlzIGlzIHRvIHRydW5jYXRlIFVEUCByZXNwb25zZXMgZm9yIFRYVCBxdWVyaWVzIHRvIGFwcGxlLmNvbSIsInBhZGRpbmciOiJpZW4wYWVHaGF0aG9oNmhhaHZpZWphaTNlYXkwYWh2YWhjaGFocXVhZWxlZTBZdWw0cGhpZXRoMHNvNXZpZXllZWNvaDRpZThzaGVlcGllVDNwYWVjaGVpVjZqb2h3aWVwaG82In0K
NS 4 records
Synchronized
d.ns.apple.com.
c.ns.apple.com.
b.ns.apple.com.
a.ns.apple.com.
CNAME No records
No records found
Tip: CNAMEs are usually on subdomains. Try searching www.apple.com or another subdomain.
SRV No records
No records found
Evidence: Authoritative Records (Direct from nameserver)
A 1 record
17.253.144.10
AAAA 1 record
2620:149:af0::10
MX 6 records
10 mx-in.g.apple.com.
20 mx-in-ma.apple.com.
20 mx-in-rn.apple.com.
20 mx-in-sg.apple.com.
20 mx-in-hfd.apple.com.
20 mx-in-vib.apple.com.
TXT 19 records
77a4a6de-da14-449c-83c4-85366e0f55f9
apple-domain-verification=X5Jt76bn3Dnmgzjj
cerner-client-id=22dd1d8a-5e8b-4e1e-80ef-39bcdfd42798
cerner-client-id=ce3abf18-ee87-43b9-9927-9eb24b4bac4a
ValidationTokenValue=77a4a6de-da14-449c-83c4-85366e0f55f9
miro-verification=2494d255c4c50b1e521650a0659cbf3fa08b0072
facebook-domain-verification=n6cqjfucq6plswmtfbwnbbeu1qiq3v
v=spf1 include:_spf.apple.com include:_spf-txn.apple.com ~all
adobe-idp-site-verification=6bd5e74c-a3a0-4781-b2e1-e95399b5e11c
webexdomainverification.8C462=b728ec3f-dfc9-42f9-92cb-9ba8853cbee8
yahoo-verification-key=Ay+djyw0qWQgXKWGA/jstjYryTMrKb+PBXI5l8u5/jw=
google-site-verification=8M6XjQCzydT62jk8HY3VXPAG-nKDllTRV-JpA3-Ktyw
google-site-verification=L5kkMdiFI8npvb6KlHui84fJaCw5G64DWhaDRIAT4_c
google-site-verification=zBSq1mG5ssu2If-C17UAz_MzSZDcx03MVxmeDwMNc5w
Dynatrace-site-verification=7d881a7c-c13f-4146-9d27-2731459e2509__iqls0105tagglcsaul0m16ibrf
cisco-ci-domain-verification=6f3bfb849796a518061f8e8c4356f687a138502d86db742791685059176547dd
atlassian-domain-verification=mLabq99iaT8kquJechF6l31FAYoNUe3WB7tLpLFUiUYVJCse9SKq83hOJzFkwqrh
json:eyJ3aHkiOiJUaGlzIGlzIHRvIHRydW5jYXRlIFVEUCByZXNwb25zZXMgZm9yIFRYVCBxdWVyaWVzIHRvIGFwcGxlLmNvbSIsInBhZGRpbmciOiJpZW4wYWVHaGF0aG9oNmhhaHZpZWphaTNlYXkwYWh2YWhjaGFocXVhZWxlZTBZdWw0cGhpZXRoMHNvNXZpZXllZWNvaDRpZThzaGVlcGllVDNwYWVjaGVpVjZqb2h3aWVwaG82In0K
json:eyJ3aHkiOiJUaGlzIGlzIHRvIHRydW5jYXRlIFVEUCByZXNwb25zZXMgZm9yIFRYVCBxdWVyaWVzIHRvIGFwcGxlLmNvbSIsInBhZGRpbmciOiJxdWFoMGVpamFhNGVlajh0aWVkYWlnaG9jZWljaGFlOGVUb3ppZTVmdTVhaFRoMldlaU00aWsyaHVxdThpZXBoaWVxdW9oc2hlaXBhZWdoOUthZWw3b2NoaWVuZ2llem9lc2g1In0K
NS 4 records
a.ns.apple.com.
b.ns.apple.com.
c.ns.apple.com.
d.ns.apple.com.
Analyze Another Domain