Domain check
Running TLS, DMARC, BIMI, DNS, headers, and MTA-STS checks in parallel...
TLS / SSL
checking...
DMARC
checking...
BIMI
checking...
DNS health
checking...
Headers
checking...
MTA-STS
checking...
Subdomains
checking...
Domain check
Running TLS, DMARC, BIMI, DNS, headers, and MTA-STS checks in parallel...
TLS / SSL
DMARC
BIMI
DNS health
Headers
MTA-STS
Subdomains
Domain check
6 sections checked · TLS 94ms · DMARC 17ms · BIMI 57ms · DNS 1104ms · Headers 63ms · MTA-STS 12ms
TLS check for
Checked 5/14/2026, 10:49:12 PM · 94ms
Functional but improvable. Look at TLS 1.3 / HSTS.
211d until expiry
Or share this URL with the team that owns the records.
Subject Alternative Names (1)
CN=forbes.com
issued by CN=GlobalSign Atlas R3 DV TLS CA 2025 Q4, O=GlobalSign nv-sa, C=BE
CN=GlobalSign Atlas R3 DV TLS CA 2025 Q4, O=GlobalSign nv-sa, C=BE
issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Negotiated: TLSv1.2 · ECDHE-RSA-AES128-GCM-SHA256 (TLSv1.2)
TLSv1
Not supported
not supportedTLSv1.1
Not supported
not supportedTLSv1.2
Supported
TLSv1.3
Not supported
not supportedAI-assisted remediation
Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to forbes.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.
DMARC check for
Checked 5/14/2026, 10:49:12 PM · 17ms
Solid: p=reject is enforced.
v=DMARC1; p=reject; pct=100; rua=mailto:[email protected],mailto:[email protected]; ruf=mailto:[email protected]; fo=1;
Found on the apex domain.
v=spf1 redirect=b45gkw7f._spf._d.mim.ec
AI-assisted remediation
Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to forbes.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.
BIMI check for
Checked 5/14/2026, 10:49:12 PM · 57ms
Logo present + DMARC OK, but no VMC. Yahoo/Fastmail will display, Gmail/Apple Mail will not.
looked up: default._bimi.forbes.com
v=BIMI1; l=https://images.forbes.com/bimi/Default_Forbes_Avatar_Display-1_tiny_ps.svg; a=;
https://images.forbes.com/bimi/Default_Forbes_Avatar_Display-1_tiny_ps.svg
No VMC URL declared. Required by Gmail and Apple Mail to display the logo.
BIMI requires DMARC p=quarantine or p=reject with pct=100. Currently: policy reject, pct 100.
AI-assisted remediation
Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to forbes.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.
DNS health for
Checked 5/14/2026, 10:49:12 PM · 1104ms
Some critical hardenings missing.
checked IP: 170.10.132.141 (MX us-smtp-inbound-1.mimecast.com), 170.10.132.221 (MX us-smtp-inbound-1.mimecast.com), 170.10.132.242 (MX us-smtp-inbound-1.mimecast.com), 170.10.128.221 (MX us-smtp-inbound-1.mimecast.com), 170.10.128.242 (MX us-smtp-inbound-1.mimecast.com), 170.10.128.141 (MX us-smtp-inbound-1.mimecast.com)
Domain intel on forbes.com
✓ Malware / phishing intel: clean
Domain is not on any malware-distribution feed we track.
✓ Active threat intel: clean
No active C2 / botnet IOCs against this domain.
Registered 1993-06-17 - established
Established domains rarely host phishing infrastructure.
AI-assisted remediation
Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to forbes.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.
Security headers for
https://www.forbes.com/ · status 200 · checked 5/14/2026, 10:49:12 PM · 63ms
followed 1 redirect: 301 forbes.com/ → 200 www.forbes.com/ → 200
Multiple headers missing or weak.
max-age=31536000; includeSubDomains; preload
upgrade-insecure-requests
SAMEORIGIN
strict-origin-when-cross-origin
unload=()
add_header X-Content-Type-Options nosniff always;
AI-assisted remediation
Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to forbes.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.
MTA-STS + TLS-RPT for
Checked 5/14/2026, 10:49:12 PM · 12ms
No MTA-STS at all. Mail in transit is not enforced.
looked up: _mta-sts.forbes.com
https://mta-sts.forbes.com/.well-known/mta-sts.txt
No TLS-RPT record found. Without it, you do not learn when receivers fail to enforce STS against your domain.
for forbes.com
The id is an opaque string. Bump it whenever you change the policy file, otherwise receivers will keep using the cached version.
_mta-stsv=STSv1; id=20260514224914TLS-RPT lets receivers send you JSON reports when STS / DANE fails. Point the rua at a mailbox you actually monitor.
_smtp._tlsv=TLSRPTv1; rua=mailto:[email protected]Host the file below at https://mta-sts.forbes.com/.well-known/mta-sts.txt with a trusted TLS cert (no self-signed). Replace the mx: line(s) with each of your real mail servers. Start with mode: testing to collect TLS-RPT failure reports before raising to mode: enforce.
version: STSv1 mode: testing mx: mail.forbes.com max_age: 86400
Cloudflare Workers, Pages, or any static host with HTTPS can serve this. The well-known path needs a Content-Type of text/plain.
AI-assisted remediation
Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to forbes.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.