US-018US-019US-020US-055US-056US-057US-058US-059US-060US-114
📅Monthly executive summary auto-generated 1st of month — US-060, FR-051 ·
L1 Scan Report — acmecorp.com
Scan #SCN-1041 · 15 Jun 2026 07:02 · Completed in 8m 14s
68
Score
Health Score
Grade: C+
2
Critical
Needs immediate action
3
High
Action within 7 days
4
Medium / Low
Plan within 30 days
🤖 Claude AI Executive Summary US-055, US-057
Your domain acmecorp.com has two critical issues requiring immediate attention.
First, your email security is misconfigured — your DMARC policy is set to "none," meaning attackers
can impersonate your domain to send phishing emails to your customers and suppliers without any email
provider blocking them. Second, two of your subdomains (staging.acmecorp.com and old-app.acmecorp.com)
are vulnerable to takeover, meaning a third party could host malicious content appearing to come from
your business. Together, these two issues carry an estimated financial exposure of £28,500.
Both can be fixed in under 30 minutes by your IT team.
MITRE ATT&CK Coverage US-114, FR-050
T1190 Exploit Public-Facing AppT1078 Valid AccountsT1046 Network Service Scan
ESTIMATED TOTAL FINANCIAL EXPOSURE FROM L1 FINDINGS
£47,200
£28,000
Data breach / impersonation
£12,000
GDPR ICO fine exposure
£7,200
Operational downtime
Estimates based on IBM Cost of a Data Breach 2024 · ICO enforcement data · Verizon DBIR 2024
All Findings US-018, US-019, US-067
| Finding | Category | Severity | Financial Risk | Status | Actions |
|---|---|---|---|---|---|
| DMARC policy set to 'none' _dmarc.acmecorp.com → v=DMARC1; p=none |
Email Security | CRITICAL | £9,500 | Open | |
| Subdomain takeover — staging.acmecorp.com CNAME → dangling Heroku endpoint |
DNS / Subdomain | CRITICAL | £19,000 | Open | |
| Content Security Policy (CSP) missing No CSP header on acmecorp.com |
HTTP Headers | HIGH | £4,200 | Open | |
| HSTS (HTTP Strict Transport Security) missing Allows downgrade to HTTP on browsers |
HTTP Headers | HIGH | £3,100 | In Progress | |
| SPF record too permissive (+all) acmecorp.com → v=spf1 include:sendgrid.net +all |
Email Security | HIGH | £5,800 | Open | |
| WordPress 6.3.1 detected (outdated) blog.acmecorp.com · 3 known CVEs |
Technology | MEDIUM | £2,900 | Open | |
| 5 email addresses in data breach (HaveIBeenPwned) LinkedIn 2021, Canva 2019 |
Credential Exposure | MEDIUM | £2,700 | Open |
One-Click Remediation — DMARC Fix US-058
🤖 Claude AI generated this fix · Estimated time to apply: 5 minutes
Add the following DNS TXT record to your domain's DNS settings (Route 53, Cloudflare, or your registrar):
Name: _dmarc.acmecorp.com
Type: TXT
Value: "v=DMARC1; p=quarantine; rua=mailto:dmarc@acmecorp.com; pct=100"
# This sets DMARC to quarantine (recommended first step).
# Once monitoring shows no legitimate mail failing, upgrade to:
Value: "v=DMARC1; p=reject; rua=mailto:dmarc@acmecorp.com; pct=100"