bmrn
BioMarin is a global biotechnology company that has developed medicines to treat conditions such as achondroplasia, severe hemophilia A, and several rare inherited and lysosomal storage diseases. Learn more.
Generate the full report
Company Info
| Company Name | Employees | Location | Last Updated | Industry |
|---|---|---|---|---|
| bmrn | 3000 | San Rafael, United States of America | 21/10/2026 | Health Care |
bmrn Vendor Risk Report
This is an exhaustive cyber risk assessment report based on the scans performed by the Site24x7 Digital Risk Analyzer on the bmrn domain. Based on the assertion checks performed for four main security aspects, namely domain, email, network, and application, results are provided in respective categories along with the score obtained for each. An overall domain score has also been assigned based on these results.
Domain Security
Certificate Authority Authorization Check
CAA (Certificate Authority Authorization) is a DNS record that specifies which Certificate Authorities (CAs) can issue SSL/TLS certificates for a domain, enhancing security by preventing unauthorized CAs from issuing certificates. When requesting a certificate, the CA checks the domain's CAA record. If the record authorizes the CA, the certificate is issued; otherwise, the request fails. Without a CAA record, any CA can issue a certificate, increasing the risk of mis-issuance. For example, to allow only Let's Encrypt, your CAA record would look like: example.com. IN CAA 0 issue "letsencrypt.org".CAA records ensure only authorized CAs can issue certificates for your domain.Domain Expiry
To maintain domain ownership, it is essential to renew the domain name before it expires. Once a domain expires, the domain will deactivated and parked. Once it is deactivated, you will not be allowed to make any changes, neither will the customers be able to access it, leading to negative impacts on your business and brand.
Using this check, Digital Risk Analyzer will track your domain expiry date and the number of days left for expiry.Blocklisted Domain
A blocklist will contain the list of IPs, domains, or email addresses that were reported for spam or any other malicious activity. A blocklisted domain will face a huge drop in the number of visitors and will be marked unsafe leading to a tarnished brand reputation.
Using this check, Digital Risk Analyzer will cross-verify your domain against the popular blocklists to ensure that your domain isnt flagged as a blocklisted one.
Email Security
Email Server Certificate
Mail servers are responsible for receiving, routing, and delivering e-mail. This check ensures correct configuration, Starttls support, valid certificates, and its expiry.SPF Existence
SPF is a DNS record that prevents email spoofing by specifying which mail servers can send emails on behalf of your domain. This check verifies if an SPF record is present for the domain, with further validation if a record exists.SPF Maximum Lookup
The SPF framework has a threshold limit of 10 DNS lookups to resolve a record. This check analyses whether there are more than 10 lookups in the SPF record. DNS lookups up to 10 per SPF record is allowed, which includes lookups caused by the use of terms like redirect, include, a, mx, ptr, and exists.Recursive SPF Redirect
This check detects recursive redirects in the SPF record which can exceed the lookup limits.DMARC Existence
DMARC is a DNS record that enhances SPF and DKIM to protect against email spoofing and phishing by specifying how email receivers should handle messages that fail authentication checks. This assertion verifies the presence of a DMARC record for the domain, with further validation performed if a record exists.TLS-RPT Existence
TLS-RPT (TLS Reporting) enables a domain to receive reports on TLS encryption issues in email delivery. It helps administrators identify and address failed secure delivery attempts. Defined in RFC 8460, it works with MTA-STS for better email security. A TLS-RPT record, located at _smtp._tls.example.com, directs email servers to send reports on failed TLS negotiations. Example: v=TLSRPTv1; rua=mailto:tls-reports@example.com. This assertion confirms the presence of the TLS-RPT record and initiates further actions, if found.MTA-STS DNS Existence
MTA-STS (Mail Transfer Agent Strict Transport Security) enforces secure TLS connections for email, preventing man-in-the-middle attacks. MTA-STS DNS records configure this protocol, directing mail servers to enforce TLS and specify related policies. This assertion verifies if the domain has an MTA-STS record in its DNS.MTA-STS HTTPS Existence
MTA-STS HTTPS existence ensures that a domain has an HTTPS-hosted policy file required for Mail Transfer Agent Strict Transport Security (MTA-STS). This protocol enforces encrypted email delivery. The policy file, named mta-sts.txt, must be hosted at: https://mta-sts.example.com/.well-known/mta-sts.txt.