Home

 tinysystems.io

Email deliverability audit.

Scan complete
70
Compliance Score

How the score was calculated

Starting score
100
2 high findings
−30
Final score
70

AI Analysis

Your domain’s email security is at risk because it lacks essential protections: no DKIM record means spoofed emails can

Fix these first

2 priorities
  1. 01
    HIGHdkim_record

    No DKIM record found on tinysystems.io. MX records point at Google Workspace — this is the #1 Workspace pitfall: the DKIM key is generated in your Admin Console but the corresponding TXT record was never published in DNS. Fix path: Admin Console → Apps → Google Workspace → Gmail → Authenticate email → generate or copy the existing key, then add a TXT record at google._domainkey.tinysystems.io with the value shown. Without DKIM, DMARC cannot enforce a policy.

  2. 02
    HIGHdmarc_record

    No DMARC record found at _dmarc.tinysystems.io. Without DMARC, even a valid SPF and DKIM setup leaves your domain spoofable — receivers don't know what to do when checks fail. Publish a record starting with v=DMARC1; p=none; rua=mailto:you@tinysystems.io for monitoring.

Report Details

Playbook
email_deliverability
Domain
tinysystems.io
Started At
29 May 2026, 16:07
Duration
18s
Total Checks
4
Report ID
dwjNk3YXWS_S

Check Results

Email Authentication

3 checks2 failed

spf_record

HIGH

SPF record ends with ~all (soft fail). Most receivers will mark spoofed mail as suspicious but still deliver it. Consider tightening to -all once you're confident your sending sources are fully enumerated.

RFC 7208 (SPF)

SPF declares which mail servers are authorised to send mail from your domain. Missing or misconfigured SPF lets spoofers send from your address.

dkim_record

HIGH-15

No DKIM record found on tinysystems.io. MX records point at Google Workspace — this is the #1 Workspace pitfall: the DKIM key is generated in your Admin Console but the corresponding TXT record was never published in DNS. Fix path: Admin Console → Apps → Google Workspace → Gmail → Authenticate email → generate or copy the existing key, then add a TXT record at google._domainkey.tinysystems.io with the value shown. Without DKIM, DMARC cannot enforce a policy.

RFC 6376 (DKIM)

DKIM cryptographically signs outbound mail so receivers can verify it wasn't tampered with in transit. Required for DMARC to enforce a policy.

dmarc_record

HIGH-15

No DMARC record found at _dmarc.tinysystems.io. Without DMARC, even a valid SPF and DKIM setup leaves your domain spoofable — receivers don't know what to do when checks fail. Publish a record starting with v=DMARC1; p=none; rua=mailto:you@tinysystems.io for monitoring.

RFC 7489 (DMARC)

DMARC tells receivers what to do when SPF or DKIM fail (none/quarantine/reject). Without DMARC at p=quarantine or stricter, your domain can be spoofed at scale.

Report Generation

1 check All passed

generate_summary

INFO

AI summary generated successfully