Skip to main content

Remediation: mobilecommercepress.com

Scan #786 · 14 Feb 2026, 05:52 UTC · Achievable posture: Medium Risk

Full Report Re-Scan to Verify
7 remediation items found. Click any record value to copy it to your clipboard, then paste it into your DNS provider.

Provider Quick Guide

  1. Log in to dash.cloudflare.com and select your domain
  2. Go to DNS → Records
  3. Click Add Record
  4. Select the Type shown below (TXT, CNAME, MX, etc.)
  5. Paste the Name (host) and Content (value) from each card below
  6. Set Proxy status to DNS only (grey cloud) for email records
  7. Click Save
  1. Log in to dcc.godaddy.com
  2. Select your domain, then click DNS (or Manage DNS)
  3. Scroll to DNS Records and click Add New Record
  4. Select the Type shown below
  5. In Name, enter the host (use @ for the root domain)
  6. In Value, paste the record value from the card below
  7. Click Save
  1. Log in to your DNS hosting provider's control panel
  2. Navigate to DNS Management or Zone Editor
  3. Add a new record with the type, host, and value shown in each card below
  4. For the host field, use @ if your provider requires it for the root domain
  5. Save and allow up to 24–48 hours for propagation (usually much faster)

DNS Records to Add or Update

Critical dmarc Publish DMARC policy

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receivers how to handle messages that fail SPF/DKIM checks. Without DMARC, failed authentication checks are ignored. Start with p=none and rua reporting to monitor, then escalate to p=quarantine and p=reject.

Record Type
Host / Name
Value / Content
Full record (click to copy)
_dmarc.mobilecommercepress.com TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@mobilecommercepress.com"
RFC 7489 §6.3
Medium mta_sts Deploy MTA-STS policy

Publish an MTA-STS DNS record and host a policy file at https://mta-sts.mobilecommercepress.com/.well-known/mta-sts.txt. This tells senders to require TLS when delivering mail to your domain.

Record Type
Host / Name
Value / Content
Full record (click to copy)
_mta-sts.mobilecommercepress.com TXT "v=STSv1; id=20240101"
RFC 8461 §3
Low spf Upgrade SPF to hard fail (-all)

Your SPF record uses ~all (softfail) and no DKIM signing was detected. Without DKIM, SPF is your only line of defense — upgrading to -all (hardfail) instructs receivers to reject unauthorized senders outright. Verify all legitimate sending sources are included before switching. If you configure DKIM, ~all becomes the industry-standard best practice because DMARC evaluates both SPF and DKIM alignment (RFC 7489 §10.1).

Record Type
Host / Name
Value / Content
Full record (click to copy)
mobilecommercepress.com TXT "v=spf1 include:relay.mailchannels.net include:relay.mailchannels.net include:bluehost.com -all"
RFC 7208 §5
Low dkim Verify DKIM configuration

DKIM selectors were not discoverable via common selector names. This does not confirm DKIM is absent — your provider may use custom or rotating selectors that cannot be enumerated through DNS (RFC 6376 §3.6.2.1). Check your email provider's DKIM settings to confirm signing is enabled.

Record Type
Host / Name
Value / Content
Full record (click to copy)
selector1._domainkey.mobilecommercepress.com TXT "v=DKIM1; k=rsa; p=<public_key>"
RFC 6376 §3.6.2.1
Low caa Add CAA records

Publish CAA DNS records to restrict which Certificate Authorities can issue TLS certificates for your domain. Specify your preferred CA (e.g., letsencrypt.org, digicert.com). CAA is advisory — CAs must check it before issuing, but absence means any CA can issue.

Record Type
Host / Name
Value / Content
Full record (click to copy)
mobilecommercepress.com CAA 0 issue "letsencrypt.org"
RFC 8659 §4
Low tlsrpt Configure TLS-RPT reporting

TLS-RPT (TLS Reporting) sends you reports about TLS connection failures when other servers try to deliver mail to your domain. Helps diagnose MTA-STS and STARTTLS issues.

Record Type
Host / Name
Value / Content
Full record (click to copy)
_smtp._tls.mobilecommercepress.com TXT "v=TLSRPTv1; rua=mailto:tls-reports@mobilecommercepress.com"
RFC 8460 §3

Manual Configuration Steps

Low dnssec Enable DNSSEC

DNSSEC (DNS Security Extensions) cryptographically signs DNS responses, preventing attackers from forging DNS answers. Contact your DNS hosting provider to enable DNSSEC signing.

RFC 4033 §2

Done making changes?

After updating your DNS records, run a new scan to verify everything is correct. DNS changes typically propagate within minutes, but can take up to 48 hours.

Re-Scan mobilecommercepress.com
Straight talk about your data.

We use two cookies, both essential:

  • _csrf — Prevents cross-site request forgery. Required for form submissions. Security-only.
  • _dns_session — Only exists if you choose to sign in. No account required to use DNS Tool.

We log your IP address for two reasons: rate limiting (so nobody abuses the service) and security (identifying malicious actors and complying with legal obligations). We check source geography for analysis accuracy — DNS responses vary by region, and knowing which resolver answered from where makes the science better.

No tracking cookies. No analytics cookies. No ad networks. No data brokers. Our code is open-core — the application framework is publicly available under BUSL-1.1 with timed Apache-2.0 conversion. Verify it yourself.

If you create an account and want out, account deletion removes your login and scan history. Public domain analyses remain available because they contain only public DNS records, already hashed. Full details: Privacy Policy.