npm - @redsift/products - Versions diffs - 12.1.1-muiv6 → 12.2.0-muiv5 - Mend

@redsift/products 12.1.1-muiv6 → 12.2.0-muiv5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index2.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { _ as _objectSpread2, a as _objectWithoutProperties, b as _extends } from './_internal/_rollupPluginBabelHelpers.js';
 import React__default, { useMemo, useContext, createContext, forwardRef, useCallback, Component, useState, useEffect, useId, useRef, Suspense, memo } from 'react';
-import { mdiCheck, mdiAlert, mdiClose, mdiInformation, mdiHelpCircle, mdiEmail, mdiEarth, mdiArrowDownBold } from '@redsift/icons';
+import { mdiCheck, mdiAlert, mdiClose, mdiInformation, mdiHelpCircle, mdiEmail, mdiEarth, mdiInformationOutline, mdiArrowDownBold } from '@redsift/icons';
 import styled, { css } from 'styled-components';
 import { useLocalizedStringFormatter, useTheme, Button, Icon, DetailedCard, Flexbox, Link, TextField } from '@redsift/design-system';
 import classNames from 'classnames';
@@ -562,6 +562,7 @@ var enUS = {
 	"investigate.card.bimi.record-passed_md": "**[](BIMI_RECORD#:glossary)** **Present and compliant**",
 	"investigate.card.bimi.record-declination_md": "**[](BIMI_RECORD#:glossary)** Present and containing a  **valid declination to publish**",
 	"investigate.card.bimi.record-no-cert_md": "**[](BIMI_RECORD#:glossary)** **Certificate not found**",
+	"investigate.card.bimi.cert-forbidden_md": "Your certificate appears to be behind an anti-bot protection system. [Find out more and how to resolve the issue](https://knowledge.ondmarc.redsift.com/en/articles/8047013-ondmarc-cannot-fetch-my-bimi-logo-or-certificate)",
 	"investigate.card.bimi.record-failed_md": "**[](BIMI_RECORD#:glossary)** **Present** but with errors",
 	"investigate.card.bimi.record-missing_md": "**[](BIMI_RECORD#:glossary)** **Missing.** [Learn how to fix it](https://community.redsift.com/s/article/000001130)",
 	"investigate.card.bimi.could-not-fetch_md": "Failed to fetch **[](BIMI_RECORD#:glossary)**",
@@ -575,6 +576,7 @@ var enUS = {
 	"investigate.card.bimi.vmc.expiry-date_md": "**Expires on:** {date} ({daysLeft} days left)",
 	"investigate.card.bimi.vmc.expired-date_md": "Expired on {date}",
 	"investigate.card.bimi.vmc.trademarkAuthority_md": "**Trademark Authority: {trademarkAuthority}**",
+	"investigate.card.bimi.vmc.assertionMark_md": "**Assertion Mark:** {assertionMark}",
 	"investigate.card.bimi.logoErrors.invalid-svg_md": "**[](VMC#:glossary)** Invalid SVG. Logo from certificate cannot be converted to a valid SVG.",
 	"investigate.card.bimi.logoErrors.invalid-svg-version_md": "**[](VMC#:glossary)** Invalid SVG version. Should be **1.2**",
 	"investigate.card.bimi.logoErrors.invalid-svg-profile_md": "**[](VMC#:glossary)** Invalid SVG profile. Should be **tiny-ps**",
@@ -595,10 +597,11 @@ var enUS = {
 	"investigate.card.bimi.logoErrors.logo-and-evidence-mismatch_md": "**[](VMC#:glossary)** Logo on l record and on certificate do not match",
 	"investigate.card.bimi.logoErrors.logo-extract-error_md": "**[](VMC#:glossary)** Error extracting logo",
 	"investigate.card.bimi.logoErrors.unknown-svg-error_md": "**[](VMC#:glossary)** Unknown SVG error",
+	"investigate.card.bimi.svg-error-fallback_md": "**[](VMC#:glossary)** {error}",
 	"investigate.card.bimi.pemErrors.cert-not-found_md": "**[](VMC#:glossary)** Certificate not found",
 	"investigate.card.bimi.pemErrors.cert-not-url_md": "**[](VMC#:glossary)** Certificate is not an url",
 	"investigate.card.bimi.pemErrors.cert-not-file_md": "**[](VMC#:glossary)** Certificate is not a file",
-	"investigate.card.bimi.pemErrors.cert-not-https_md": "**[](VMC#:glossary)** Certificate has not an HTTPS protocol",
+	"investigate.card.bimi.pemErrors.cert-not-https_md": "**[](VMC#:glossary)** Certificate does not use the HTTPS protocol",
 	"investigate.card.bimi.pemErrors.cert-not-pem_md": "**[](VMC#:glossary)** Certificate is not a PEM file",
 	"investigate.card.bimi.pemErrors.cert-not-valid_md": "**[](VMC#:glossary)** Certificate is not valid",
 	"investigate.card.bimi.pemErrors.cert-bad-date_md": "**[](VMC#:glossary)** Certificate has expired",
@@ -704,6 +707,7 @@ var enUS = {
 	"It is a protocol that was built to enforce **the existing SPF and DKIM protocols**."
 ],
 	"investigate.signal-description.DMARC_DOMAIN_md_LONG": [
+	"",
 	"DMARC does a few things:",
 	"",
 	"1. It takes into account the results from SPF and DKIM.",
@@ -718,6 +722,7 @@ var enUS = {
 	"It is a protocol that was built to enforce **the existing SPF and DKIM protocols**."
 ],
 	"investigate.signal-description.DMARC_md_LONG": [
+	"",
 	"DMARC does a few things:",
 	"",
 	"1. It takes into account the results from SPF and DKIM.",
@@ -728,6 +733,7 @@ var enUS = {
 	"investigate.signal-description.DMARC_md_INTRO": null,
 	"investigate.signal-description.DKIM_md_SHORT": "**DKIM** stands for *DomainKeys Identified Mail*. It is used to sign different header fields and the body of an email in order to authenticate the sending domain and prevent message modification during transit.",
 	"investigate.signal-description.DKIM_md_LONG": [
+	"",
 	"It achieves this by using **asymmetric cryptography** which consists of public and private keys. The private key is private to the sender’s domain and used to sign the emails. The public key is published in the sender’s DNS so it can be retrieved by anyone receiving messages from the sender.",
 	"",
 	"In essence, when an email is composed, its headers and body are signed using the private key of the sender to create a digital signature, which is also sent as a header field along with the email. On the receiver’s side (if DKIM enabled), the server retrieves the public key and verifies if the email was indeed signed by the sending domain. If the signature is successfully validated that proves that the sending domain sent the message and also that the headers and body of the message have not been modified during transmission."
@@ -735,11 +741,13 @@ var enUS = {
 	"investigate.signal-description.DKIM_md_INTRO": null,
 	"investigate.signal-description.TLS_md_SHORT": "TLS stands for **Transport Layer Security** and it is a protocol which helps **protect your emails by encrypting the connection** from the sender to recipient (client to server). Encryption makes snooping on your emails much harder while they travel on their way to your recipients. Encryption in transit is important so that your emails are read only by the intended recipients and not on their way there.",
 	"investigate.signal-description.TLS_md_LONG": [
+	"",
 	"Without using TLS your emails are exposed to snooping which means that they can be read by your internet provider or people on your network. Using TLS ensures that your emails are only read by the intended recipients. Please contact your service provider or administrator to enable TLS."
 ],
 	"investigate.signal-description.TLS_md_INTRO": null,
 	"investigate.signal-description.FCRDNS_md_SHORT": "**Forward-confirmed reverse DNS** (FCrDNS) is a spam filtering mechanism that tests if a given IP address has both **forward (name-to-address) and reverse (address-to-name)** Domain Name System (DNS) entries that match each other.",
 	"investigate.signal-description.FCRDNS_md_LONG": [
+	"",
 	"This verification is a weak form of authentication that exists to prove that there is a **valid relationship** between the owner of a domain name and the owner of the network that has been given an IP address. As this is difficult for spammers and spoofers to bypass FCrDNS is checked by some mail receivers in an effort to reduce phishing attacks and spam.",
 	"",
 	"Legitimate email servers should be correctly configured for FCrDNS to avoid deliverability issues."
@@ -759,29 +767,32 @@ var enUS = {
 	"investigate.signal-description.SUBDO_DOMAIN_ANALYZER_md": "We've checked your SPF record and haven't found any compromised \"includes\"",
 	"investigate.signal-description.SPF_md_SHORT": "SPF stands for **Sender Policy Framework**. It was developed to combat sender address forgery. It is an authentication protocol which **verifies the `MAIL FROM` or `HELO/EHLO` identities during email transmission**.",
 	"investigate.signal-description.SPF_md_LONG": [
+	"",
 	"SPF does this by comparing the sending server's IP address to a **list of authorized senders**. The authorized senders are the IP addresses which are allowed to send on behalf of the sending domain. They are **specified in a TXT record** which is published in the domain owner's DNS.",
 	"",
 	"If the receiving end supports SPF, then, upon receipt of an email it checks if the sending IP address is authorized to send on behalf of the domain and if is not in that list SPF authentication will fail.",
 	"",
-	"DMARC uses both SPF and DKIM. For information on what DKIM is please click the button below."
+	"DMARC uses both SPF and DKIM. For information on what DKIM is please [click here](https://knowledge.ondmarc.redsift.com/en/articles/1142653-what-is-dkim)."
 ],
 	"investigate.signal-description.SPF_md_INTRO": null,
 	"investigate.signal-description.SPF_DOMAIN_md_SHORT": "SPF stands for **Sender Policy Framework**. It was developed to combat sender address forgery. It is an authentication protocol which **verifies the `MAIL FROM` or `HELO/EHLO` identities during email transmission**.",
 	"investigate.signal-description.SPF_DOMAIN_md_LONG": [
+	"",
 	"SPF does this by comparing the sending server's IP address to a **list of authorized senders**. The authorized senders are the IP addresses which are allowed to send on behalf of the sending domain. They are **specified in a TXT record** which is published in the domain owner's DNS.",
 	"",
 	"If the receiving end supports SPF, then, upon receipt of an email it checks if the sending IP address is authorized to send on behalf of the domain and if is not in that list SPF authentication will fail.",
 	"",
-	"DMARC uses both SPF and DKIM. For information on what DKIM is please click the button below."
+	"DMARC uses both SPF and DKIM. For information on what DKIM is please [click here](https://knowledge.ondmarc.redsift.com/en/articles/1142653-what-is-dkim)."
 ],
 	"investigate.signal-description.SPF_DOMAIN_md_INTRO": null,
 	"investigate.signal-description.SPF_DOMAIN_ANALYZER_md_SHORT": "SPF stands for **Sender Policy Framework**. It was developed to combat sender address forgery. It is an authentication protocol which **verifies the `MAIL FROM` or `HELO/EHLO` identities during email transmission**.",
 	"investigate.signal-description.SPF_DOMAIN_ANALYZER_md_LONG": [
+	"",
 	"SPF does this by comparing the sending server's IP address to a **list of authorized senders**. The authorized senders are the IP addresses which are allowed to send on behalf of the sending domain. They are **specified in a TXT record** which is published in the domain owner's DNS.",
 	"",
 	"If the receiving end supports SPF, then, upon receipt of an email it checks if the sending IP address is authorized to send on behalf of the domain and if is not in that list SPF authentication will fail.",
 	"",
-	"DMARC uses both SPF and DKIM. For information on what DKIM is please click the button below."
+	"DMARC uses both SPF and DKIM. For information on what DKIM is please [click here](https://knowledge.ondmarc.redsift.com/en/articles/1142653-what-is-dkim)."
 ],
 	"investigate.signal-description.SPF_DOMAIN_ANALYZER_md_INTRO": null,
 	"investigate.signal-description.URLS_md_SHORT": "Shows all URLs extracted from the email. This is useful if you need to subscribe via a link to the service you are testing.",
@@ -789,6 +800,7 @@ var enUS = {
 	"investigate.signal-description.URLS_md_INTRO": null,
 	"investigate.signal-description.THREATINV_md_SHORT": "The results of the **Threat Intelligence** check help to identify suspicious emails or ones that should be blocked. It also highlights **deliverability** issues from legit sources.",
 	"investigate.signal-description.THREATINV_md_LONG": [
+	"",
 	"The **Spamhaus** databases that are checked are **comprehensive** and effective **threat intelligence data sets**. They are **continuously updated** and maintained by the Spamhaus Project researchers."
 ],
 	"investigate.signal-description.THREATINV_md_INTRO": "**Sender IP** and **Domain** were checked against databases of known **spammers**, **malware** disseminators, **non mail transfer agents**, **botnet** resources, **phishers**, or **low-reputation** senders.",
@@ -796,16 +808,20 @@ var enUS = {
 	"investigate.signal-description.THREATINV_DOMAIN_ANALYZER_NO_THREATS_md": "Domain was checked against several of trusted spammers database, web-mail transfer agents, botnet resources, phishers, or Non-reputation source: No suspicious activity.",
 	"investigate.signal-description.THREATINV_DOMAIN_ANALYZER_md_SHORT": "The results of the **Threat Intelligence** check help to identify suspicious domains or ones that should be blocked. It also highlights **deliverability** issues from legit sources.",
 	"investigate.signal-description.THREATINV_DOMAIN_ANALYZER_md_LONG": [
+	"",
 	"The **Spamhaus** databases that are checked are **comprehensive** and effective **threat intelligence data sets**. They are **continuously updated** and maintained by the Spamhaus Project researchers."
 ],
 	"investigate.signal-description.THREATINV_DOMAIN_ANALYZER_md_INTRO": "**Domain** was checked against databases of known **spammers**, **malware** disseminators, **non mail transfer agents**, **botnet** resources, **phishers**, or **low-reputation** senders.",
 	"investigate.signal-description.BIMI_md_SHORT": "**OnDMARC** and the Red Sift team can get your brand **BIMI compliant**, including issuing a **VMC** or **CMC** through our partners. [Learn more](https://redsift.com/pulse-platform/ondmarc/bimi)",
 	"investigate.signal-description.BIMI_md_LONG": [
+	"",
 	"To become **BIMI compliant** the following criteria must be met:",
 	"",
 	"1. The sending domain must be **DMARC compliant**.",
 	"2. You must hold the **trademark or certified rights for the brand logo** you want displayed.",
-	"3. You should have a **valid VMC or CMC certificate** which proves you are authorised to use the logo and are in control of the sending domain."
+	"3. You should have a **valid VMC or CMC certificate** which proves you are authorised to use the logo and are in control of the sending domain.",
+	"",
+	"For more details on the differences between VMC and CMC, see our [BIMI guide](https://redsift.com/guides/bimi#key-differences-between-vmc-and-cmc)."
 ],
 	"investigate.signal-description.BIMI_md_INTRO": "**BIMI**, or **Brand Indicators** for **Message Identification**, is a proposed standard that lets you display your company or brand logo next to your authenticated email messages in your customers inbox. [Learn more](https://redsift.com/pulse-platform/ondmarc/bimi)",
 	"investigate.signal-description.DNSSEC_md_SHORT": "The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but prevents attackers from manipulating or poisoning the responses to DNS requests.",
@@ -818,6 +834,7 @@ var enUS = {
 ],
 	"investigate.signal-description.MTA-STS_md_SHORT": "**MTA-STS** (Mail Transfer Agent Strict Transport Security) tells sending servers to only deliver mail to your domain when a TLS connection can be negotiated and the policy you published is valid.",
 	"investigate.signal-description.MTA-STS_md_LONG": [
+	"",
 	"To be protected by **MTA-STS** you must:",
 	"",
 	"1. Publish an **mta-sts TXT record** that advertises your policy.",
@@ -951,8 +968,8 @@ var enUS = {
 	"glossary.label.RETURN_PATH": "Return Path",
 	"glossary.label.RETURN_PATH.value": "Return Path",
 	"glossary.label.RETURN_PATH.link": "return-path",
-	"glossary.label.DMARC_POLICY": "p=",
-	"glossary.label.DMARC_POLICY.value": "p=",
+	"glossary.label.DMARC_POLICY": "DMARC Policy",
+	"glossary.label.DMARC_POLICY.value": "DMARC Policy",
 	"glossary.label.DMARC_POLICY.value_FULL": "DMARC Policy",
 	"glossary.label.DMARC_POLICY.value_REPORTED": "report",
 	"glossary.label.DMARC_POLICY.value_QUARANTINE": "quarantine",
@@ -1466,6 +1483,7 @@ var frFR = {
 	"investigate.card.bimi.record-passed_md": "**[](BIMI_RECORD#:glossary)** **Présent et conforme**",
 	"investigate.card.bimi.record-declination_md": "**[](BIMI_RECORD#:glossary)** Présenter et contenir une **déclaration valide de publication**",
 	"investigate.card.bimi.record-no-cert_md": "**[](BIMI_RECORD#:glossary)** **Certificat non trouvé**",
+	"investigate.card.bimi.cert-forbidden_md": "Votre certificat semble être derrière un système de protection anti-bot. [En savoir plus et comment résoudre le problème](https://knowledge.ondmarc.redsift.com/en/articles/8047013-ondmarc-cannot-fetch-my-bimi-logo-or-certificate)",
 	"investigate.card.bimi.record-failed_md": "**[](BIMI_RECORD#:glossary)** **Présent** mais avec des erreurs",
 	"investigate.card.bimi.record-missing_md": "**[](BIMI_RECORD#:glossary)** **Missing.** [Learn how to fix it](https://community.redsift.com/s/article/000001130)",
 	"investigate.card.bimi.could-not-fetch_md": "Échec de la récupération de **[](BIMI_RECORD#:glossary)**",
@@ -1479,6 +1497,7 @@ var frFR = {
 	"investigate.card.bimi.vmc.expiry-date_md": "**Expire le:** {date} ({daysLeft} jours restants)",
 	"investigate.card.bimi.vmc.expired-date_md": "Expiré le {date}",
 	"investigate.card.bimi.vmc.trademarkAuthority_md": "**Autorité de la marque : {trademarkAuthority}**",
+	"investigate.card.bimi.vmc.assertionMark_md": "**Marque d'assertion :** {assertionMark}",
 	"investigate.card.bimi.logoErrors.invalid-svg_md": "**[](VMC#:glossary)** SVG non valide. Le logo du certificat ne peut pas être converti en un SVG valide.",
 	"investigate.card.bimi.logoErrors.invalid-svg-version_md": "**[](VMC#:glossary)** Version SVG invalide. Devrait être **1.2**",
 	"investigate.card.bimi.logoErrors.invalid-svg-profile_md": "**[](VMC#:glossary)** Profil SVG invalide. Doit être **tiny-ps**",
@@ -1499,10 +1518,11 @@ var frFR = {
 	"investigate.card.bimi.logoErrors.logo-and-evidence-mismatch_md": "**[](VMC#:glossary)** Logo sur l'enregistrement et sur le certificat ne correspondent pas",
 	"investigate.card.bimi.logoErrors.logo-extract-error_md": "**[](VMC#:glossary)** Erreur lors de l'extraction du logo",
 	"investigate.card.bimi.logoErrors.unknown-svg-error_md": "**[](VMC#:glossary)** Erreur inconnue lors de la validation du SVG",
+	"investigate.card.bimi.svg-error-fallback_md": "**[](VMC#:glossary)** {error}",
 	"investigate.card.bimi.pemErrors.cert-not-found_md": "**[](VMC#:glossary)** Certificat non trouvé",
 	"investigate.card.bimi.pemErrors.cert-not-url_md": "**[](VMC#:glossary)** Le certificat n'est pas une url",
 	"investigate.card.bimi.pemErrors.cert-not-file_md": "**[](VMC#:glossary)** Le certificat n'est pas un fichier",
-	"investigate.card.bimi.pemErrors.cert-not-https_md": "**[](VMC#:glossary)** Le certificat n'a pas de protocole HTTPS",
+	"investigate.card.bimi.pemErrors.cert-not-https_md": "**[](VMC#:glossary)** Le certificat n'utilise pas le protocole HTTPS",
 	"investigate.card.bimi.pemErrors.cert-not-pem_md": "**[](VMC#:glossary)** Le certificat n'est pas un fichier PEM",
 	"investigate.card.bimi.pemErrors.cert-not-valid_md": "**[](VMC#:glossary)** Le certificat n'est pas valide",
 	"investigate.card.bimi.pemErrors.cert-bad-date_md": "**[](VMC#:glossary)** Le certificat a expiré",
@@ -1608,6 +1628,7 @@ var frFR = {
 	"Il s'agit d'un protocole qui a été conçu pour renforcer **les protocoles SPF et DKIM existants**."
 ],
 	"investigate.signal-description.DMARC_DOMAIN_md_LONG": [
+	"",
 	"DMARC a plusieurs fonctions :",
 	"",
 	"1. Il prend en compte les résultats de SPF et DKIM.",
@@ -1622,6 +1643,7 @@ var frFR = {
 	"Il s'agit d'un protocole qui a été conçu pour renforcer **les protocoles SPF et DKIM existants**."
 ],
 	"investigate.signal-description.DMARC_md_LONG": [
+	"",
 	"DMARC a plusieurs fonctions :",
 	"",
 	"1. Il prend en compte les résultats de SPF et DKIM.",
@@ -1632,6 +1654,7 @@ var frFR = {
 	"investigate.signal-description.DMARC_md_INTRO": null,
 	"investigate.signal-description.DKIM_md_SHORT": "**DKIM** signifie *DomainKeys Identified Mail*. Il est utilisé pour signer différents champs d'en-tête et le corps d'un courrier électronique afin d'authentifier le domaine d'envoi et d'empêcher la modification du message pendant le transit.",
 	"investigate.signal-description.DKIM_md_LONG": [
+	"",
 	"Pour ce faire, il utilise la **cryptographie asymétrique** qui consiste en des clés publiques et privées. La clé privée est propre au domaine de l'expéditeur et est utilisée pour signer les courriels. La clé publique est publiée dans le DNS de l'expéditeur et peut donc être récupérée par toute personne recevant des messages de l'expéditeur.",
 	"",
 	"Essentiellement, lorsqu'un courriel est composé, ses en-têtes et son corps sont signés à l'aide de la clé privée de l'expéditeur pour créer une signature numérique, qui est également envoyée en tant que champ d'en-tête avec le courriel. Du côté du destinataire (si le DKIM est activé), le serveur récupère la clé publique et vérifie si le courriel a bien été signé par le domaine d'envoi. Si la signature est validée avec succès, cela prouve que le domaine d'envoi a envoyé le message et que les en-têtes et le corps du message n'ont pas été modifiés pendant la transmission."
@@ -1639,11 +1662,13 @@ var frFR = {
 	"investigate.signal-description.DKIM_md_INTRO": null,
 	"investigate.signal-description.TLS_md_SHORT": "TLS signifie **Transport Layer Security** et il s'agit d'un protocole qui aide à **protéger vos courriels en chiffrant la connexion** entre l'expéditeur et le destinataire (du client au serveur). Le cryptage rend l'espionnage de vos courriels beaucoup plus difficile pendant leur acheminement vers vos destinataires. Le cryptage en transit est important pour que vos courriels ne soient lus que par les destinataires prévus et non en cours de route.",
 	"investigate.signal-description.TLS_md_LONG": [
+	"",
 	"Sans l'utilisation de TLS, vos courriels sont exposés à l'espionnage, ce qui signifie qu'ils peuvent être lus par votre fournisseur d'accès à Internet ou par des personnes de votre réseau. L'utilisation de TLS garantit que vos courriels ne sont lus que par les destinataires prévus. Veuillez contacter votre fournisseur de services ou votre administrateur pour activer TLS."
 ],
 	"investigate.signal-description.TLS_md_INTRO": null,
 	"investigate.signal-description.FCRDNS_md_SHORT": "Le **Forward-confirmed reverse DNS** (FCrDNS) est un mécanisme de filtrage du spam qui teste si une adresse IP donnée possède à la fois des entrées **forward (nom vers adresse) et reverse (adresse vers nom)** du système de noms de domaine (DNS) qui correspondent l'une à l'autre.",
 	"investigate.signal-description.FCRDNS_md_LONG": [
+	"",
 	"Cette vérification est une forme faible d'authentification qui existe pour prouver qu'il y a une **relation valide** entre le propriétaire d'un nom de domaine et le propriétaire du réseau qui a reçu une adresse IP. Comme il est difficile pour les spammeurs et les usurpateurs de contourner cette vérification, FCrDNS est vérifié par certains destinataires de courrier électronique dans le but de réduire les attaques par hameçonnage et le spam.",
 	"",
 	"Les serveurs de courrier électronique légitimes doivent être correctement configurés pour FCrDNS afin d'éviter les problèmes de délivrabilité."
@@ -1660,20 +1685,22 @@ var frFR = {
 	"investigate.signal-description.SUBDO_md": "Nous vérifions votre enregistrement SPF pour détecter les \"includes\" compromis qui pourraient laisser ce domaine ouvert aux attaques de spoofing.",
 	"investigate.signal-description.SPF_md_SHORT": "SPF signifie **Sender Policy Framework**. Il a été développé pour lutter contre la falsification de l'adresse de l'expéditeur. Il s'agit d'un protocole d'authentification qui **vérifie les identités `MAIL FROM` ou `HELO/EHLO` pendant la transmission du courrier électronique**.",
 	"investigate.signal-description.SPF_md_LONG": [
+	"",
 	"Pour ce faire, SPF compare l'adresse IP du serveur d'envoi à une **liste d'expéditeurs autorisés**. Les expéditeurs autorisés sont les adresses IP qui sont autorisées à envoyer des messages au nom du domaine d'envoi. Elles sont **spécifiées dans un enregistrement TXT** qui est publié dans le DNS du propriétaire du domaine.",
 	"",
 	"Si le destinataire prend en charge SPF, il vérifie, lors de la réception d'un courrier électronique, si l'adresse IP d'envoi est autorisée à envoyer des messages au nom du domaine et, si elle ne figure pas dans cette liste, l'authentification SPF échoue.",
 	"",
-	"DMARC utilise à la fois SPF et DKIM. Pour plus d'informations sur DKIM, cliquez sur le bouton ci-dessous."
+	"DMARC utilise à la fois SPF et DKIM. Pour plus d'informations sur DKIM, [cliquez ici](https://knowledge.ondmarc.redsift.com/en/articles/1142653-what-is-dkim)."
 ],
 	"investigate.signal-description.SPF_md_INTRO": "",
 	"investigate.signal-description.SPF_DOMAIN_md_SHORT": "SPF signifie **Sender Policy Framework**. Il a été développé pour lutter contre la falsification de l'adresse de l'expéditeur. Il s'agit d'un protocole d'authentification qui **vérifie les identités `MAIL FROM` ou `HELO/EHLO` pendant la transmission du courrier électronique**.",
 	"investigate.signal-description.SPF_DOMAIN_md_LONG": [
+	"",
 	"Pour ce faire, SPF compare l'adresse IP du serveur d'envoi à une **liste d'expéditeurs autorisés**. Les expéditeurs autorisés sont les adresses IP qui sont autorisées à envoyer des messages au nom du domaine d'envoi. Elles sont **spécifiées dans un enregistrement TXT** qui est publié dans le DNS du propriétaire du domaine.",
 	"",
 	"Si le destinataire prend en charge SPF, il vérifie, lors de la réception d'un courrier électronique, si l'adresse IP d'envoi est autorisée à envoyer des messages au nom du domaine et, si elle ne figure pas dans cette liste, l'authentification SPF échoue.",
 	"",
-	"DMARC utilise à la fois SPF et DKIM. Pour plus d'informations sur DKIM, cliquez sur le bouton ci-dessous."
+	"DMARC utilise à la fois SPF et DKIM. Pour plus d'informations sur DKIM, [cliquez ici](https://knowledge.ondmarc.redsift.com/en/articles/1142653-what-is-dkim)."
 ],
 	"investigate.signal-description.SPF_DOMAIN_md_INTRO": "",
 	"investigate.signal-description.SPF_DOMAIN_ANALYZER_md_SHORT": "SPF signifie **Sender Policy Framework**. Il a été développé pour lutter contre la falsification de l'adresse de l'expéditeur. Il s'agit d'un protocole d'authentification qui **vérifie les identités `MAIL FROM` ou `HELO/EHLO` pendant la transmission du courrier électronique**.",
@@ -1681,11 +1708,12 @@ var frFR = {
 	"investigate.signal-description.SUBDO_DOMAIN_ANALYZER_md_LONG": null,
 	"investigate.signal-description.SUBDO_DOMAIN_ANALYZER_md": "Nous avons vérifié votre enregistrement SPF et n'avons trouvé aucune inclusion compromise",
 	"investigate.signal-description.SPF_DOMAIN_ANALYZER_md_LONG": [
+	"",
 	"Pour ce faire, SPF compare l'adresse IP du serveur d'envoi à une **liste d'expéditeurs autorisés**. Les expéditeurs autorisés sont les adresses IP qui sont autorisées à envoyer des messages au nom du domaine d'envoi. Elles sont **spécifiées dans un enregistrement TXT** qui est publié dans le DNS du propriétaire du domaine.",
 	"",
 	"Si le destinataire prend en charge SPF, il vérifie, lors de la réception d'un courrier électronique, si l'adresse IP d'envoi est autorisée à envoyer des messages au nom du domaine et, si elle ne figure pas dans cette liste, l'authentification SPF échoue.",
 	"",
-	"DMARC utilise à la fois SPF et DKIM. Pour plus d'informations sur DKIM, cliquez sur le bouton ci-dessous."
+	"DMARC utilise à la fois SPF et DKIM. Pour plus d'informations sur DKIM, [cliquez ici](https://knowledge.ondmarc.redsift.com/en/articles/1142653-what-is-dkim)."
 ],
 	"investigate.signal-description.SPF_DOMAIN_ANALYZER_md_INTRO": "",
 	"investigate.signal-description.URLS_md_SHORT": "Affiche toutes les URL extraites de l'e-mail. Ceci est utile si vous avez besoin de vous abonner via un lien au service que vous testez.",
@@ -1693,6 +1721,7 @@ var frFR = {
 	"investigate.signal-description.URLS_md_INTRO": "",
 	"investigate.signal-description.THREATINV_md_SHORT": "Les résultats du contrôle **Threat Intelligence** permettent d'identifier les courriels suspects ou ceux qui devraient être bloqués. Ils mettent également en évidence les problèmes de **délivrabilité** provenant de sources légitimes.",
 	"investigate.signal-description.THREATINV_md_LONG": [
+	"",
 	"Les bases de données **Spamhaus** qui sont vérifiées sont des **ensembles de données de renseignements sur les menaces** complets** et efficaces. Elles sont **mises à jour en permanence** et entretenues par les chercheurs du projet Spamhaus."
 ],
 	"investigate.signal-description.THREATINV_md_INTRO": "**L'IP** et le domaine** de l'expéditeur ont été comparés à des bases de données de **spammers**, **malwares**, **non mail transfer agents**, **botnet**, **phishers** ou **low-reputation** connus.",
@@ -1700,16 +1729,20 @@ var frFR = {
 	"investigate.signal-description.THREATINV_DOMAIN_ANALYZER_NO_THREATS_md": "Le domaine a été comparé à des bases de données de spammeurs, d'agents de transfert de courrier web, de botnets, de phishers et de sources non réputées de confiance : aucune activité suspecte.",
 	"investigate.signal-description.THREATINV_DOMAIN_ANALYZER_md_SHORT": "Les résultats du contrôle **Threat Intelligence** permettent d'identifier les domaines suspects ou ceux qui devraient être bloqués. Ils mettent également en évidence les problèmes de **délivrabilité** des sources légitimes.",
 	"investigate.signal-description.THREATINV_DOMAIN_ANALYZER_md_LONG": [
+	"",
 	"Les bases de données **Spamhaus** qui sont vérifiées sont des **ensembles de données de renseignements sur les menaces** complets** et efficaces. Elles sont **mises à jour en permanence** et entretenues par les chercheurs du projet Spamhaus."
 ],
 	"investigate.signal-description.THREATINV_DOMAIN_ANALYZER_md_INTRO": "Le **domaine** a été comparé à des bases de données de **spammers**, **malwares**, **non mail transfer agents**, **botnet** resources, **phishers**, ou **low-reputation** senders connus.",
 	"investigate.signal-description.BIMI_md_SHORT": "**OnDMARC** et l'équipe de Red Sift peuvent faire en sorte que votre marque soit **conforme au BIMI**, y compris l'émission d'un **VMC** ou d'un **CMC** par l'intermédiaire de nos partenaires. [En savoir plus](https://redsift.com/pulse-platform/ondmarc/bimi)",
 	"investigate.signal-description.BIMI_md_LONG": [
+	"",
 	"Pour devenir **conforme au BIMI**, les critères suivants doivent être remplis :",
 	"",
 	"1. Le domaine d'envoi doit être **DMARC compliant**.",
 	"2. Vous devez détenir la **marque ou des droits certifiés pour le logo** que vous souhaitez afficher.",
-	"3. Vous devez disposer d'un **certificat VMC ou CMC valide** qui prouve que vous êtes autorisé à utiliser le logo et que vous contrôlez le domaine d'envoi."
+	"3. Vous devez disposer d'un **certificat VMC ou CMC valide** qui prouve que vous êtes autorisé à utiliser le logo et que vous contrôlez le domaine d'envoi.",
+	"",
+	"Pour plus de détails sur les différences entre VMC et CMC, consultez notre [guide BIMI](https://redsift.com/guides/bimi#key-differences-between-vmc-and-cmc)."
 ],
 	"investigate.signal-description.BIMI_md_INTRO": "**BIMI**, ou **Brand Indicators** for **Message Identification**, est une proposition de norme qui vous permet d'afficher le logo de votre entreprise ou de votre marque à côté de vos messages électroniques authentifiés dans la boîte de réception de vos clients. [En savoir plus](https://redsift.com/pulse-platform/ondmarc/bimi)",
 	"investigate.signal-description.DNSSEC_md_SHORT": "Les extensions de sécurité du système de noms de domaine (DNSSEC) sont une fonctionnalité du système de noms de domaine (DNS) qui authentifie les réponses aux recherches de noms de domaine. Elle ne fournit pas de protection de la vie privée pour ces recherches, mais empêche les attaquants de manipuler ou d'empoisonner les réponses aux requêtes DNS.",
@@ -1722,6 +1755,7 @@ var frFR = {
 ],
 	"investigate.signal-description.MTA-STS_md_SHORT": "**MTA-STS** (Mail Transfer Agent Strict Transport Security) indique aux serveurs d'envoi de ne délivrer vos messages que lorsqu'une connexion TLS est négociée et que la politique que vous publiez est valide.",
 	"investigate.signal-description.MTA-STS_md_LONG": [
+	"",
 	"Pour être protégé par **MTA-STS**, vous devez :",
 	"",
 	"1. Publier un **enregistrement TXT mta-sts** qui annonce votre politique.",
@@ -1851,8 +1885,8 @@ var frFR = {
 	"glossary.label.RETURN_PATH": "Return path",
 	"glossary.label.RETURN_PATH.value": "Return path",
 	"glossary.label.RETURN_PATH.link": "return-path",
-	"glossary.label.DMARC_POLICY": "p=",
-	"glossary.label.DMARC_POLICY.value": "p=",
+	"glossary.label.DMARC_POLICY": "Politique DMARC",
+	"glossary.label.DMARC_POLICY.value": "Politique DMARC",
 	"glossary.label.DMARC_POLICY.value_FULL": "Politique DMARC",
 	"glossary.label.DMARC_POLICY.value_REPORTED": "rapporté",
 	"glossary.label.DMARC_POLICY.value_QUARANTINE": "mis en quarantaine",
@@ -3346,44 +3380,64 @@ function getCardType$6() {
     bimiRecordStatus = recordStatus.FAILED_TO_FETCH,
     imageUrl,
     svgErrors = [],
-    vmc
+    vmc,
+    reportNew
   } = bimi;
   const svgValid = Boolean(imageUrl) && svgErrors.length === 0;
+  // Helper to get worst status from reportNew messages
+  const getReportNewWorstStatus = () => {
+    if (!reportNew || reportNew.length === 0) return null;
+    const hasError = reportNew.some(r => r.status === 'error');
+    const hasWarning = reportNew.some(r => r.status === 'warning');
+    if (hasError) return CARD_STATUS$1.DANGER;
+    if (hasWarning) return CARD_STATUS$1.WARNING;
+    return null;
+  };
+  // Helper to return the worst of two statuses
+  const applyReportNewStatus = baseStatus => {
+    const reportNewStatus = getReportNewWorstStatus();
+    if (!reportNewStatus) return baseStatus;
+    // DANGER is worse than WARNING is worse than GOOD
+    if (reportNewStatus === CARD_STATUS$1.DANGER) return CARD_STATUS$1.DANGER;
+    if (reportNewStatus === CARD_STATUS$1.WARNING && baseStatus === CARD_STATUS$1.GOOD) {
+      return CARD_STATUS$1.WARNING;
+    }
+    return baseStatus;
+  };
   if (bimiRecordStatus === recordStatus.DECLINATION_TO_PUBLISH) {
-    return CARD_STATUS$1.GOOD;
+    return applyReportNewStatus(CARD_STATUS$1.GOOD);
   }
-  // Check DMARC compliance first - if not compliant, it's always danger
-  if (!dmarcCompliant) {
-    return CARD_STATUS$1.DANGER;
+  // Check noRecordTxt first - this is a warning regardless of DMARC compliance
+  // (matches legacy behavior from prod)
+  if (bimiRecordStatus === recordStatus.NO_RECORD_TXT) {
+    return applyReportNewStatus(CARD_STATUS$1.WARNING);
   }
-  // If DMARC compliant but no BIMI record, it's a warning (BIMI is optional)
-  if (bimiRecordStatus === recordStatus.NO_RECORD_TXT) {
-    return CARD_STATUS$1.WARNING;
+  // Check DMARC compliance - if not compliant, it's danger
+  if (!dmarcCompliant) {
+    return applyReportNewStatus(CARD_STATUS$1.DANGER);
   }
-  if (bimiRecordStatus === recordStatus.FAILED_TO_FETCH || bimiRecordStatus === recordStatus.CERT_INVALID || bimiRecordStatus === recordStatus.NOT_VMC || bimiRecordStatus === recordStatus.WITH_ERRORS || bimiRecordStatus === recordStatus.CERT_NOT_FOUND || bimiRecordStatus === recordStatus.CERTIFICATE_FORBIDDEN) {
-    return CARD_STATUS$1.DANGER;
+  if (bimiRecordStatus === recordStatus.INVALID_RECORD_TXT || bimiRecordStatus === recordStatus.FAILED_TO_FETCH || bimiRecordStatus === recordStatus.CERT_INVALID || bimiRecordStatus === recordStatus.NOT_VMC || bimiRecordStatus === recordStatus.WITH_ERRORS || bimiRecordStatus === recordStatus.CERT_NOT_FOUND || bimiRecordStatus === recordStatus.CERTIFICATE_FORBIDDEN) {
+    return applyReportNewStatus(CARD_STATUS$1.DANGER);
   }
-  // Check for expired VMC certificate
+  // Check for expired VMC certificate - expired certs should be treated as danger
   if (vmc !== null && vmc !== void 0 && vmc.expiryDate) {
     const expiryDate = new Date(vmc.expiryDate);
     const now = new Date();
     if (expiryDate < now) {
-      return CARD_STATUS$1.WARNING;
+      return applyReportNewStatus(CARD_STATUS$1.DANGER);
     }
   }
   if (svgValid) {
-    return CARD_STATUS$1.GOOD;
+    return applyReportNewStatus(CARD_STATUS$1.GOOD);
   }
-  // SVG validation errors are warnings, not critical failures
-  // The logo might not display properly but BIMI record is valid
-  if (svgErrors.length > 0) {
-    return CARD_STATUS$1.WARNING;
-  }
-  return CARD_STATUS$1.DANGER;
+  // SVG errors and missing images are danger conditions
+  return applyReportNewStatus(CARD_STATUS$1.DANGER);
 }
 function extractDataUnsafe$9() {
   let bimi = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
@@ -3854,7 +3908,7 @@ const StyledGlossaryTag = styled.a`
   display: inline-flex;
   align-items: center;
   justify-content: center;
-  padding: 0.2em 0.5em;
+  padding: 4px 8px;
   margin: 0 0.35rem;
   border-radius: 4px;
   background-color: ${_ref => {
@@ -3869,6 +3923,7 @@ const StyledGlossaryTag = styled.a`
   font-weight: 400;
   font-family: var(--sc-font-body, ${DS_FONT_BODY$b});
   white-space: nowrap;
+  line-height: 1.3;
   color: ${COLOR.grey.darkest} !important;
   text-decoration: none !important;
   transition: background-color 150ms ease;
@@ -4606,9 +4661,10 @@ const isValidUrl = url => {
  */
 // Combined regex pattern for O(n) parsing - matches all markdown patterns in a single pass
-// Groups: 1=glossary text, 2=glossary term, 3=link text, 4=link url, 5=bold, 6=italic, 7=code
+// Groups: 1=glossary text, 2=glossary term, 3=http link text, 4=http link url, 5=bold, 6=italic, 7=code, 8=plain link text, 9=plain link value
 // NOTE: Create new RegExp instance per call to avoid shared state issues with global flag
-const COMBINED_PATTERN_SOURCE = /\[([^\]]*)\]\(([A-Z_]+)#:glossary\)|\[([^\]]+)\]\((https?:\/\/[^)]+)\)|\*\*([^*]+)\*\*|\*(?!\*)([^*]+)\*(?!\*)|`([^`]+)`/.source;
+// Order matters: check glossary first, then http links, then plain links (most specific to least specific)
+const COMBINED_PATTERN_SOURCE = /\[([^\]]*)\]\(([A-Z_]+)#:glossary\)|\[([^\]]+)\]\((https?:\/\/[^)]+)\)|\*\*([^*]+)\*\*|\*(?!\*)([^*]+)\*(?!\*)|`([^`]+)`|\[([^\]]+)\]\(([^)]+)\)/.source;
 function parseGlossaryMarkdown(text) {
   if (!text || typeof text !== 'string') {
     return text;
@@ -4711,6 +4767,13 @@ function parseGlossaryMarkdown(text) {
       parts.push( /*#__PURE__*/React__default.createElement("code", {
         key: `code-${keyCounter++}`
       }, codeText));
+    } else if (match[8] !== undefined && match[9] !== undefined) {
+      // Plain link (non-http): [text](value) - render value as plain text
+      // This handles cases like [svg-url](123) where 123 is not a valid URL
+      const linkValue = match[9];
+      parts.push( /*#__PURE__*/React__default.createElement("span", {
+        key: `plain-link-${keyCounter++}`
+      }, linkValue));
     }
     lastIndex = match.index + match[0].length;
   }
@@ -5677,9 +5740,10 @@ const DescriptionToggle = styled.div`
  */
 const CardWrapper = styled.div`
   height: 100%;
+  text-align: left;
   @media only screen and (max-width: 768px) {
-    min-width: 350px;
+    min-width: auto;
   }
   /* Override DetailedCard header font (uses CSS var with DS fallback) */
@@ -6609,7 +6673,7 @@ const getIcon$1 = _ref5 => {
         });
       }
       return /*#__PURE__*/React__default.createElement(Icon, {
-        icon: mdiInformation,
+        icon: mdiInformationOutline,
         size: "small"
       });
     case 'warning':
@@ -6641,7 +6705,8 @@ const InfoItem = _ref6 => {
     subtexts,
     hasWarning,
     fluid,
-    extractionBox
+    extractionBox,
+    'data-testid': dataTestId
   } = _ref6;
   const renderedText = renderValue(text, 'info-item-text');
   const icon = getIcon$1({
@@ -6657,11 +6722,13 @@ const InfoItem = _ref6 => {
   // Handle image type specially - render without flex wrapper to preserve overflow
   if (type === 'image') {
     return /*#__PURE__*/React__default.createElement(StyledInfoItem, {
-      $fluid: fluid
+      $fluid: fluid,
+      "data-testid": dataTestId
     }, renderedText.length ? renderedText : null);
   }
   const content = /*#__PURE__*/React__default.createElement(StyledInfoItem, {
-    $fluid: fluid
+    $fluid: fluid,
+    "data-testid": dataTestId
   }, /*#__PURE__*/React__default.createElement(StyledItemText, null, icon && /*#__PURE__*/React__default.createElement(StyledIconWrapper, null, icon), /*#__PURE__*/React__default.createElement(StyledContent, null, renderedText.length ? renderedText : null)), subtexts !== null && subtexts !== void 0 && subtexts.length ? /*#__PURE__*/React__default.createElement(StyledSubtexts, null, subtexts.map((subtext, idx) => /*#__PURE__*/React__default.createElement(React__default.Fragment, {
     key: idx
   }, renderValue(subtext.text, `info-item-subtext-${idx}`)))) : null);
@@ -7428,7 +7495,8 @@ const SignalCardNormal = /*#__PURE__*/forwardRef((props, ref) => {
         key: `generic-${section.id}-${i}`,
         header: section.title,
         isCollapsible: (_section$isCollapsibl = section.isCollapsible) !== null && _section$isCollapsibl !== void 0 ? _section$isCollapsibl : false,
-        isCollapsed: areAllCollapsed
+        isCollapsed: areAllCollapsed,
+        "data-testid": section.testId
       }, section.content);
     });
   }, [sections, areAllCollapsed]);
@@ -7485,7 +7553,8 @@ const SignalCardNormal = /*#__PURE__*/forwardRef((props, ref) => {
         key: genericSection.id,
         header: genericSection.title,
         isCollapsible: (_genericSection$isCol = genericSection.isCollapsible) !== null && _genericSection$isCol !== void 0 ? _genericSection$isCol : false,
-        isCollapsed: areAllCollapsed
+        isCollapsed: areAllCollapsed,
+        "data-testid": genericSection.testId
       }, genericSection.content)];
     }
@@ -15199,7 +15268,7 @@ const LogosWrapper = styled.div`
     display: flex;
     flex-direction: row;
     justify-content: flex-start;
-    gap: 1rem;
+    gap: 16px;
   }
   border: 1px solid #dddddd;
@@ -15210,7 +15279,7 @@ const LogosWrapper = styled.div`
   }
   margin-bottom: 1.125rem;
   max-width: 100%;
-  overflow: auto;
+  overflow: hidden;
   box-sizing: border-box;
   background: ${_ref => {
@@ -15221,7 +15290,7 @@ const LogosWrapper = styled.div`
 }};
   & > :first-child {
-    padding-right: 0.93rem;
+    padding-right: 8px;
     @media only screen and (min-width: 768px) {
       padding-right: 1.25rem;
     }
@@ -15236,6 +15305,9 @@ const LogosWrapper = styled.div`
   }
 `;
 const LogoElementWrapper = styled.div`
+  flex-shrink: 1;
+  min-width: 0;
   &,
   & > div:first-child {
     display: flex;
@@ -15256,6 +15328,7 @@ const LogoElementWrapper = styled.div`
     background-size: cover;
     background-repeat: no-repeat;
     background-position: center;
+    max-width: 100%;
     ${_ref2 => {
   let {
@@ -15347,10 +15420,13 @@ const LogoElement = _ref8 => {
   const [aspectRatio, setAspectRatio] = useState(`${size}x${size}`);
   const [url, setUrl] = useState(svgUrl !== null && svgUrl !== void 0 ? svgUrl : isDark ? PLACEHOLDER_LIGHT : PLACEHOLDER_DARK);
   const [error, setError] = useState(false);
+  const [isLoaded, setIsLoaded] = useState(false);
   useEffect(() => {
+    setIsLoaded(false);
     if (!svgUrl) {
       setUrl(isDark ? PLACEHOLDER_LIGHT : PLACEHOLDER_DARK);
       setError(true);
+      setIsLoaded(true);
       return;
     }
     const img = new Image();
@@ -15360,6 +15436,7 @@ const LogoElement = _ref8 => {
         height
       } = img;
       setAspectRatio(getAspectRatio(height, width));
+      setIsLoaded(true);
     };
     img.onerror = error => {
       componentLogger.error('Error loading image', error);
@@ -15369,6 +15446,7 @@ const LogoElement = _ref8 => {
       }
       setUrl(isDark ? PLACEHOLDER_LIGHT : PLACEHOLDER_DARK);
       setError(true);
+      setIsLoaded(true);
     };
     const newUrl = uncompressLogo(svgUrl);
     img.src = newUrl;
@@ -15379,7 +15457,9 @@ const LogoElement = _ref8 => {
     $square: square,
     $size: size
   }, /*#__PURE__*/React__default.createElement("div", null, /*#__PURE__*/React__default.createElement("div", {
+    "data-testid": "bimi-logo-image",
     "data-error": error,
+    "data-loaded": isLoaded,
     className: 'img',
     style: {
       backgroundImage: `url(${url})`
@@ -15498,7 +15578,9 @@ const BIMI_LINK = Object.freeze({
   UNDERSTAND_ANALYZER: 'https://community.redsift.com/s/article/000001131',
   LOGO_REQUIREMENTS: 'https://community.redsift.com/s/article/000001131',
   HOW_TO_CREATE: 'https://blog.redsift.com/bimi/how-to-create-a-bimi-supported-svg-logo-file',
-  CANNOT_FETCH_LOGO_OR_CERTIFICATE: 'https://knowledge.ondmarc.redsift.com/en/articles/8047013-ondmarc-cannot-fetch-my-bimi-logo-or-certificate'
+  CANNOT_FETCH_LOGO_OR_CERTIFICATE: 'https://knowledge.ondmarc.redsift.com/en/articles/8047013-ondmarc-cannot-fetch-my-bimi-logo-or-certificate',
+  WHAT_IS_BIMI: 'https://knowledge.ondmarc.redsift.com/en/articles/4124230-what-is-bimi',
+  DMARC_POLICIES: 'https://knowledge.ondmarc.redsift.com/en/articles/2868231-what-are-the-different-dmarc-policies'
 });
 // ============================================================================
@@ -15578,34 +15660,44 @@ function getExtractedItemsDmarc(_ref2, t) {
     fromDomain
   } = dmarc;
   if (policy) {
-    extractedItemsCategories.push({
-      title: t('section-titles.bimi-domain'),
-      categoryType: 'dmarc-domain',
-      extractionBox: {
-        caption: 'dns'
-      },
-      items: [{
+    const items = [];
+    // Only add fromDomain item if it has a valid value
+    if (fromDomain) {
+      items.push({
         inline: true,
         label: /*#__PURE__*/React__default.createElement(From, null),
         text: fromDomain,
         theme: 'email',
         type: ''
-      }, {
-        label: /*#__PURE__*/React__default.createElement(DmarcPolicy, null),
-        text: policy.p,
-        theme: 'dns',
-        type: ''
-      }, {
-        label: /*#__PURE__*/React__default.createElement(Pct, null),
-        text: policy.pct,
-        theme: 'dns',
-        type: ''
-      }, ...(policy.sp === 'none' ? [{
+      });
+    }
+    items.push({
+      label: /*#__PURE__*/React__default.createElement(DmarcPolicy, null),
+      text: policy.p,
+      theme: 'dns',
+      type: ''
+    }, {
+      label: /*#__PURE__*/React__default.createElement(Pct, null),
+      text: policy.pct,
+      theme: 'dns',
+      type: ''
+    });
+    if (policy.sp === 'none') {
+      items.push({
         label: /*#__PURE__*/React__default.createElement(Sp, null),
         text: policy.sp,
         theme: 'dns',
         type: ''
-      }] : [])]
+      });
+    }
+    extractedItemsCategories.push({
+      title: t('section-titles.bimi-domain'),
+      categoryType: 'dmarc-domain',
+      extractionBox: {
+        caption: 'dns'
+      },
+      items
     });
   }
   return extractedItemsCategories;
@@ -15614,70 +15706,142 @@ function getExtractedItemsDmarc(_ref2, t) {
 // ============================================================================
 // Info Items Helpers
 // ============================================================================
-function getBimiItems(bimiRecordStatus, recordValidationErrors, t) {
+function getBimiItems(bimiRecordStatus, recordValidationErrors, reportNew, bimiRecordErrors, t) {
   const items = [];
-  const validationErrors = recordValidationErrors !== null && recordValidationErrors !== void 0 ? recordValidationErrors : [];
+  // Filter out 'bimi-error-invalid-record' when status is INVALID_RECORD_TXT to avoid duplicate messages
+  const validationErrors = (recordValidationErrors !== null && recordValidationErrors !== void 0 ? recordValidationErrors : []).filter(errorCode => {
+    if (bimiRecordStatus === recordStatus.INVALID_RECORD_TXT && errorCode === 'bimi-error-invalid-record') {
+      return false;
+    }
+    return true;
+  });
   switch (bimiRecordStatus) {
     case recordStatus.DECLINATION_TO_PUBLISH:
       items.push({
         text: t('card.bimi.record-declination_md'),
-        type: 'good'
+        type: 'good',
+        'data-testid': 'bimi-record-declination'
       });
       break;
     case recordStatus.VALID:
       items.push({
         text: t('card.bimi.record-passed_md'),
-        type: 'good'
+        type: 'good',
+        'data-testid': 'bimi-record-valid'
       });
       break;
     case recordStatus.INVALID_RECORD_TXT:
       items.push({
         text: t('card.bimi.record-invalid_md'),
-        type: 'danger'
+        type: 'danger',
+        'data-testid': 'bimi-record-invalid'
       });
       validationErrors.forEach(errorCode => {
         items.push({
           text: t(`card.bimi.errors.${errorCode}`),
-          type: '',
-          theme: 'info'
+          type: 'info',
+          theme: ''
         });
       });
       break;
     case recordStatus.CERT_NOT_FOUND:
       items.push({
         text: t('card.bimi.record-no-cert_md'),
-        type: 'danger'
+        type: 'danger',
+        'data-testid': 'bimi-record-no-cert'
       });
       break;
     case recordStatus.NOT_VMC:
-    case recordStatus.CERT_INVALID:
     case recordStatus.WITH_ERRORS:
       items.push({
         text: t('card.bimi.record-failed_md'),
-        type: 'danger'
+        type: 'warning',
+        'data-testid': 'bimi-record-failed'
+      });
+      validationErrors.forEach(errorCode => {
+        items.push({
+          text: t(`card.bimi.errors.${errorCode}`),
+          type: 'info',
+          theme: ''
+        });
+      });
+      break;
+    case recordStatus.CERT_INVALID:
+      items.push({
+        text: t('card.bimi.record-failed_md'),
+        type: 'warning',
+        'data-testid': 'bimi-record-cert-invalid'
       });
       validationErrors.forEach(errorCode => {
         items.push({
           text: t(`card.bimi.errors.${errorCode}`),
-          type: '',
-          theme: 'info'
+          type: 'info',
+          theme: ''
         });
       });
       break;
+    case recordStatus.CERTIFICATE_FORBIDDEN:
+      items.push({
+        text: t('card.bimi.cert-forbidden_md'),
+        type: 'danger',
+        'data-testid': 'bimi-record-cert-forbidden'
+      });
+      break;
     case recordStatus.FAILED_TO_FETCH:
       items.push({
         text: t('card.bimi.could-not-fetch_md'),
-        type: 'danger'
+        type: 'danger',
+        'data-testid': 'bimi-record-fetch-failed'
       });
       break;
     case recordStatus.NO_RECORD_TXT:
     default:
       items.push({
         text: t('card.bimi.record-missing_md'),
-        type: 'danger'
+        type: 'danger',
+        'data-testid': 'bimi-record-not-found'
       });
   }
+  // Add reportNew messages if present, filtering out duplicates
+  if (reportNew && reportNew.length > 0) {
+    reportNew.forEach(report => {
+      var _report$message;
+      // Handle both camelCase (msgCode) and snake_case (msg_code) from API
+      const msgCode = report.msgCode || report.msg_code;
+      // Skip "No BIMI record found" (DNS-BIMI-0008) when bimiRecordStatus already shows missing record
+      if (msgCode === 'DNS-BIMI-0008' && bimiRecordStatus === recordStatus.NO_RECORD_TXT) {
+        return;
+      }
+      // Skip "Declination to publish" (DNS-BIMI-0013) when bimiRecordStatus already shows declination
+      // Also match on message text as fallback in case msgCode is missing
+      const isDeclinationMessage = msgCode === 'DNS-BIMI-0013' || ((_report$message = report.message) === null || _report$message === void 0 ? void 0 : _report$message.toLowerCase().includes('declination to publish'));
+      if (isDeclinationMessage && bimiRecordStatus === recordStatus.DECLINATION_TO_PUBLISH) {
+        return;
+      }
+      // Map API status to item type: error -> danger, warning -> warning, info -> info
+      const itemType = report.status === 'error' ? 'danger' : report.status;
+      items.push({
+        text: report.message,
+        type: itemType,
+        'data-testid': `bimi-report-${msgCode || report.status}`
+      });
+    });
+  }
+  // Add bimiRecord.errors messages if present (specific validation errors like duplicate tags)
+  if (bimiRecordErrors && bimiRecordErrors.length > 0) {
+    bimiRecordErrors.forEach(error => {
+      if (error.message) {
+        items.push({
+          text: error.message,
+          type: 'danger',
+          'data-testid': `bimi-record-error-${error.code || 'unknown'}`
+        });
+      }
+    });
+  }
   return items;
 }
 function getInfoItemsCategoriesBimi() {
@@ -15685,11 +15849,14 @@ function getInfoItemsCategoriesBimi() {
   let t = arguments.length > 1 ? arguments[1] : undefined;
   const {
     bimiRecordStatus = recordStatus.FAILED_TO_FETCH,
-    recordValidationErrors
+    recordValidationErrors,
+    reportNew,
+    bimiRecord
   } = bimi;
+  const bimiRecordErrors = bimiRecord === null || bimiRecord === void 0 ? void 0 : bimiRecord.errors;
   return {
     infoItemsCategories: [{
-      items: getBimiItems(bimiRecordStatus, recordValidationErrors, t),
+      items: getBimiItems(bimiRecordStatus, recordValidationErrors, reportNew, bimiRecordErrors, t),
       title: t('card.bimi.record-status-title')
     }]
   };
@@ -15708,12 +15875,13 @@ function getInfoItemsCategoriesDmarc() {
   }
   const dmarcCompliantItems = [{
     text: /*#__PURE__*/React__default.createElement(DmarcCompliant, null),
-    type: dmarcCompliant ? 'good' : 'danger'
+    type: dmarcCompliant ? 'good' : 'danger',
+    'data-testid': `dmarc-compliance-${dmarcCompliant ? 'pass' : 'fail'}`
   }];
   if (!dmarcCompliant) {
     dmarcCompliantItems.push({
       text: parseGlossaryMarkdown(t('investigate:card.bimi.record-info_md')),
-      type: 'no-icon',
+      type: 'info',
       theme: 'info'
     });
   }
@@ -15771,14 +15939,39 @@ function getSafeSVG() {
     };
   }
   const items = [textItem, svgItem];
-  if (!validSvg) {
+  // Only show svgErrors when imageUrl exists - if imageUrl is null, the "Logo missing" message is sufficient
+  // Raw API errors like "can't fetch SVG from null: Get 'null': unsupported protocol scheme" are confusing
+  if (!validSvg && imageAdded) {
     svgErrors.forEach(msg => {
-      const errorTextBase = t(`card.bimi.logoErrors.${msg}_md`);
-      const errorText = localizeAssertionMarkdown(errorTextBase, assertionMarkType) || errorTextBase;
-      items.push({
-        text: errorText,
-        type: 'warning'
-      });
+      const translationKey = `card.bimi.logoErrors.${msg}_md`;
+      const translatedText = t(translationKey);
+      // Check if translation exists (key returned means no translation found)
+      const hasTranslation = translatedText !== translationKey && !translatedText.endsWith('_md');
+      if (hasTranslation) {
+        // Known error with translation - use warning icon
+        const errorText = localizeAssertionMarkdown(translatedText, assertionMarkType) || translatedText;
+        items.push({
+          text: errorText,
+          type: 'warning'
+        });
+      } else {
+        // Unknown error (e.g., "http status not OK") - use fallback message with outlined info icon
+        // The API error may already include context, so just prefix with VMC glossary tag
+        const fallbackText = t('card.bimi.svg-error-fallback_md', {
+          error: msg
+        });
+        const errorText = localizeAssertionMarkdown(fallbackText, assertionMarkType) || fallbackText;
+        // Pass as React element to prevent double-processing by Checklist's parseGlossaryMarkdown
+        // Use type: 'info' with theme: '' to get the outlined info icon (mdiInformationOutline)
+        // Empty string bypasses the default 'email' theme in Checklist.getIcon
+        items.push({
+          text: parseGlossaryMarkdown(errorText),
+          type: 'info',
+          theme: ''
+        });
+      }
     });
   }
   return {
@@ -15800,10 +15993,20 @@ function getVMCCertificate() {
     vmc,
     pemUrl
   } = bimi;
-  if (!vmc || !pemUrl || bimiRecordStatus === recordStatus.FAILED_TO_FETCH || bimiRecordStatus === recordStatus.NO_RECORD_TXT) {
+  // Validate pemUrl is a real URL - test placeholders like 'any-string-should-work' should not show VMC section
+  const isValidPemUrl = pemUrl && (pemUrl.startsWith('http://') || pemUrl.startsWith('https://'));
+  if (!vmc || !isValidPemUrl || bimiRecordStatus === recordStatus.FAILED_TO_FETCH || bimiRecordStatus === recordStatus.NO_RECORD_TXT) {
+    return null;
+  }
+  // Skip VMC section if pemUrl is actually a logo URL (ends with .svg)
+  // This is a temporary hack - pemUrl shouldn't be populated when there's no a= tag
+  if (pemUrl.endsWith('.svg')) {
     return null;
   }
   const {
+    assertionMark = null,
     assertionMarkType: assertionMarkTypeRaw,
     compliant = false,
     expiryDate = null,
@@ -15824,7 +16027,17 @@ function getVMCCertificate() {
   // Handle PEM errors
   if (pemErrors.length > 0) {
     pemErrors.forEach(error => {
-      if (error === 'cert-forbidden') {
+      if (error === 'cert-not-found') {
+        // Show "Certificate not found" error
+        const certNotFoundTextBase = t('card.bimi.pemErrors.cert-not-found_md');
+        const certNotFoundText = localizeAssertionMarkdown(certNotFoundTextBase, assertionMarkType) || certNotFoundTextBase;
+        vmcItems.items.push({
+          text: certNotFoundText,
+          type: 'danger',
+          'data-testid': 'vmc-cert-not-found'
+        });
+      } else if (error === 'cert-forbidden') {
+        // Show cert-forbidden which has special UI with a help link
         vmcItems.items.push({
           text: /*#__PURE__*/React__default.createElement(React__default.Fragment, null, t('certForbidden'), /*#__PURE__*/React__default.createElement(Link, {
             href: BIMI_LINK.CANNOT_FETCH_LOGO_OR_CERTIFICATE,
@@ -15833,14 +16046,8 @@ function getVMCCertificate() {
           }, t('certForbiddenLinkText'))),
           type: 'danger'
         });
-      } else {
-        const pemErrorTextBase = t(`card.bimi.pemErrors.${error}_md`);
-        const pemErrorText = localizeAssertionMarkdown(pemErrorTextBase, assertionMarkType) || pemErrorTextBase;
-        vmcItems.items.push({
-          text: pemErrorText,
-          type: 'danger'
-        });
       }
+      // Skip other pemErrors - the compliance status "is invalid" provides this info with pem-url context
     });
   }
@@ -15859,15 +16066,16 @@ function getVMCCertificate() {
   // Handle general errors (skip if error code is already in pemErrors or logoErrors)
   const normalizedErrors = Array.isArray(errors) && errors.length ? errors.filter(error => typeof (error === null || error === void 0 ? void 0 : error.message) === 'string') : [];
-  // Normalize pemErrors and logoErrors for comparison
-  const normalizedPemErrors = pemErrors.map(e => e.toLowerCase());
+  // Normalize logoErrors for comparison
   const normalizedLogoErrors = logoErrors.map(e => e.toLowerCase());
-  if (normalizedErrors.length > 0) {
+  // Only process general errors if no pemErrors exist (they contain duplicate/related messages)
+  if (pemErrors.length === 0 && normalizedErrors.length > 0) {
     normalizedErrors.forEach(error => {
       var _error$code$toLowerCa, _error$code, _error$message;
-      // Skip if this error code is already represented in pemErrors or logoErrors
+      // Skip if this error code is already represented in logoErrors
       const errorCode = (_error$code$toLowerCa = error === null || error === void 0 ? void 0 : (_error$code = error.code) === null || _error$code === void 0 ? void 0 : _error$code.toLowerCase()) !== null && _error$code$toLowerCa !== void 0 ? _error$code$toLowerCa : '';
-      if (errorCode && (normalizedPemErrors.includes(errorCode) || normalizedLogoErrors.includes(errorCode))) {
+      if (errorCode && normalizedLogoErrors.includes(errorCode)) {
         return;
       }
       const messageBase = (_error$message = error === null || error === void 0 ? void 0 : error.message) !== null && _error$message !== void 0 ? _error$message : '';
@@ -15896,12 +16104,14 @@ function getVMCCertificate() {
   if (compliant) {
     vmcItems.items.push({
       text,
-      type: 'good'
+      type: 'good',
+      'data-testid': 'vmc-validity-valid'
     });
   } else if (!pemErrors.find(err => err === 'cert-not-found')) {
     vmcItems.items.push({
       text,
-      type: 'warning'
+      type: pemErrors.length > 0 ? 'danger' : 'warning',
+      'data-testid': 'vmc-validity-invalid'
     });
   }
@@ -15939,6 +16149,18 @@ function getVMCCertificate() {
     });
   }
+  // Add assertion mark
+  if (assertionMark) {
+    const assertionMarkTextBase = t('card.bimi.vmc.assertionMark_md', {
+      assertionMark
+    });
+    const assertionMarkText = localizeAssertionMarkdown(assertionMarkTextBase, assertionMarkType) || assertionMarkTextBase;
+    vmcItems.items.push({
+      text: assertionMarkText,
+      type: 'no-icon'
+    });
+  }
   // Add trademark authority
   if ((trademarkAuthority === null || trademarkAuthority === void 0 ? void 0 : trademarkAuthority.length) > 0) {
     const trademarkTextBase = t('card.bimi.vmc.trademarkAuthority_md', {
@@ -15964,7 +16186,8 @@ function getVMCCertificate() {
     vmcItems.items.push({
       text: expiryText,
       type: 'no-icon',
-      theme: expired ? 'warn' : undefined
+      theme: expired ? 'warn' : undefined,
+      'data-testid': `vmc-expiration-${expired ? 'expired' : 'valid'}`
     });
   }
   return vmcItems;
@@ -16060,7 +16283,8 @@ const SignalCardBimi$1 = /*#__PURE__*/forwardRef((props, ref) => {
     title: cat.title,
     content: /*#__PURE__*/React__default.createElement(Checklist$1, {
       items: cat.items
-    })
+    }),
+    testId: `bimi-dmarc-section-${i}`
   }))) || []), ...((extractedItemsDmarc === null || extractedItemsDmarc === void 0 ? void 0 : extractedItemsDmarc.map((cat, i) => ({
     id: `extractedItemsDmarc-${i}`,
     title: cat.title,
@@ -16068,13 +16292,15 @@ const SignalCardBimi$1 = /*#__PURE__*/forwardRef((props, ref) => {
     content: /*#__PURE__*/React__default.createElement(ExtractedCategoryContent, {
       category: cat,
       getTranslatedCaption: getTranslatedCaption
-    })
+    }),
+    testId: `bimi-dmarc-extracted-${i}`
   }))) || []), ...((infoItemsCategoriesBimi === null || infoItemsCategoriesBimi === void 0 ? void 0 : infoItemsCategoriesBimi.map((cat, i) => ({
     id: `checklistsBimi-${i}`,
     title: cat.title,
     content: /*#__PURE__*/React__default.createElement(Checklist$1, {
       items: cat.items
-    })
+    }),
+    testId: `bimi-record-section-${i}`
   }))) || []), ...((extractedItemsBimi === null || extractedItemsBimi === void 0 ? void 0 : extractedItemsBimi.map((cat, i) => ({
     id: `extractedItemsBimi-${i}`,
     title: cat.title,
@@ -16082,7 +16308,8 @@ const SignalCardBimi$1 = /*#__PURE__*/forwardRef((props, ref) => {
     content: /*#__PURE__*/React__default.createElement(ExtractedCategoryContent, {
       category: cat,
       getTranslatedCaption: getTranslatedCaption
-    })
+    }),
+    testId: `bimi-record-extracted-${i}`
   }))) || [])];
   if (VMCCertificate) {
     sections.push({
@@ -16090,7 +16317,8 @@ const SignalCardBimi$1 = /*#__PURE__*/forwardRef((props, ref) => {
       title: VMCCertificate.title,
       content: /*#__PURE__*/React__default.createElement(Checklist$1, {
         items: VMCCertificate.items
-      })
+      }),
+      testId: 'bimi-vmc-section'
     });
   }
   if (safeSVG) {
@@ -16099,14 +16327,14 @@ const SignalCardBimi$1 = /*#__PURE__*/forwardRef((props, ref) => {
       title: safeSVG.title,
       content: /*#__PURE__*/React__default.createElement(Checklist$1, {
         items: safeSVG.items
-      })
+      }),
+      testId: 'bimi-svg-section'
     });
   }
   const sectionIds = sections.map(s => s.id);
   // Generate summary items
   const introDescriptionContent = t('signal-description.BIMI_md_INTRO', {
-    context: 'Intro',
     defaultValue: '',
     returnObjects: true
   });
@@ -16125,7 +16353,9 @@ const SignalCardBimi$1 = /*#__PURE__*/forwardRef((props, ref) => {
       sections: sections,
       isCollapsible: isCollapsible,
       areAllCollapsed: areAllCollapsed,
-      onCollapseAll: onCollapseAll
+      onCollapseAll: onCollapseAll,
+      "data-testid": "signal-card-bimi",
+      "data-card-type": cardType
     }, restProps));
   } else {
     return null;
@@ -20648,7 +20878,8 @@ const SignalCardDmarcDomain$1 = /*#__PURE__*/forwardRef(function SignalCardDmarc
     title: cat.title,
     content: /*#__PURE__*/React__default.createElement(Checklist$1, {
       items: cat.items
-    })
+    }),
+    testId: `dmarc-domain-section-${i}`
   }))) || []), ...((extractedItemsCategories === null || extractedItemsCategories === void 0 ? void 0 : extractedItemsCategories.filter(cat => cat.items && cat.items.length > 0).map((cat, i) => {
     var _cat$extractionBox;
     return {
@@ -20659,7 +20890,8 @@ const SignalCardDmarcDomain$1 = /*#__PURE__*/forwardRef(function SignalCardDmarc
       content: /*#__PURE__*/React__default.createElement(ExtractedCategoryContent, {
         category: cat,
         getTranslatedCaption: getTranslatedCaption
-      })
+      }),
+      testId: `dmarc-domain-extracted-${i}`
     };
   })) || [])], [infoItemsCategories, extractedItemsCategories, useInvestigateColors, t]);
   return /*#__PURE__*/React__default.createElement(SignalCardNormal, _extends({
@@ -20682,7 +20914,9 @@ const SignalCardDmarcDomain$1 = /*#__PURE__*/forwardRef(function SignalCardDmarc
     bannerVariant: bannerVariant,
     isCollapsible: resolvedIsCollapsible,
     areAllCollapsed: resolvedAreAllCollapsed,
-    onCollapseAll: handleCollapseAll
+    onCollapseAll: handleCollapseAll,
+    "data-testid": "signal-card-dmarc-domain",
+    "data-card-type": cardType
   }));
 });
 SignalCardDmarcDomain$1.className = CLASSNAME$c;
@@ -23242,6 +23476,7 @@ const _excluded$7 = ["useInvestigateColors", "isCollapsible", "areAllCollapsed",
 const COMPONENT_NAME$7 = 'SignalCardSpf';
 const CLASSNAME$7 = 'redsift-signal-card-spf';
 const SignalCardSpf$1 = /*#__PURE__*/forwardRef((props, ref) => {
+  var _jmap$extsecrep;
   const {
       useInvestigateColors,
       isCollapsible,
@@ -23255,6 +23490,13 @@ const SignalCardSpf$1 = /*#__PURE__*/forwardRef((props, ref) => {
   const {
     t
   } = useSignalCardTranslation('investigate');
+  // Build SPF Checker link if domain is available
+  const spf = jmap === null || jmap === void 0 ? void 0 : (_jmap$extsecrep = jmap.extsecrep) === null || _jmap$extsecrep === void 0 ? void 0 : _jmap$extsecrep.spf;
+  const domain = spf === null || spf === void 0 ? void 0 : spf.domain;
+  const spfCheckerLink = domain && typeof domain === 'string' ? buildSPFCheckerLink(domain) : null;
+  const ctaButtonName = t('card.subdo.button-name');
+  const onCTAButtonClick = spfCheckerLink ? () => window.open(spfCheckerLink, '_blank') : undefined;
   const computeInitialState = useMemo(() => {
     const {
       spf
@@ -23388,7 +23630,9 @@ const SignalCardSpf$1 = /*#__PURE__*/forwardRef((props, ref) => {
     type: "SPF"
   }, restProps, {
     cardType: cardType !== null && cardType !== void 0 ? cardType : undefined,
-    sections: sections
+    sections: sections,
+    ctaButtonName: ctaButtonName,
+    onCTAButtonClick: onCTAButtonClick
   }));
 });
 SignalCardSpf$1.className = CLASSNAME$7;
@@ -23405,7 +23649,7 @@ const STATUS = {
   FAIL: 'fail'
 };
-const _excluded$6 = ["className", "jmap", "onHeightChange", "bannerVariant", "useInvestigateColors"];
+const _excluded$6 = ["className", "jmap", "onHeightChange", "bannerVariant", "useInvestigateColors", "renderFooter"];
 const COMPONENT_NAME$6 = 'SignalCardSpfDomain';
 const CLASSNAME$6 = 'redsift-signal-card-spf-domain';
@@ -23422,21 +23666,75 @@ const getCardType$1 = status => {
 /**
  * Get SPF check result
- * Simple pass/fail message - matches legacy behavior
+ * Simple pass/fail/warning message - matches legacy behavior
  */
 const getSpfCheck = status => {
   if (status === STATUS.PASS) {
     return {
       type: CARD_STATUS$1.GOOD,
-      text: 'SPF authentication passed'
+      text: /*#__PURE__*/React__default.createElement(React__default.Fragment, null, /*#__PURE__*/React__default.createElement(Spf, null), " authentication passed")
+    };
+  }
+  if (status === 'warning') {
+    return {
+      type: CARD_STATUS$1.WARNING,
+      text: /*#__PURE__*/React__default.createElement(React__default.Fragment, null, /*#__PURE__*/React__default.createElement(Spf, null), " authentication detected problems")
     };
   }
   return {
     type: CARD_STATUS$1.DANGER,
-    text: 'SPF authentication failed'
+    text: /*#__PURE__*/React__default.createElement(React__default.Fragment, null, /*#__PURE__*/React__default.createElement(Spf, null), " authentication failed")
   };
 };
+/**
+ * Get additional info items from the report array
+ * Matches legacy extractDataDomainSpf behavior
+ * Returns items with type='danger' for error messages from report
+ */
+const getReportItems = report => {
+  if (!report || !Array.isArray(report)) {
+    return [];
+  }
+  const items = [];
+  report.forEach(item => {
+    if (item.message === 'no-spf') {
+      items.push({
+        type: CARD_STATUS$1.DANGER,
+        text: 'No SPF configured for the domain.'
+      });
+    } else if (item.message === 'ipf-error-spf') {
+      var _item$spfError;
+      const errorMessage = (_item$spfError = item.spfError) !== null && _item$spfError !== void 0 && _item$spfError.startsWith('dns-io') ? 'Temporary DNS error' : `SPF error: ${item.spfError}`;
+      items.push({
+        type: CARD_STATUS$1.DANGER,
+        text: errorMessage
+      });
+    } else if (item.message === 'multiple-all') {
+      items.push({
+        type: CARD_STATUS$1.WARNING,
+        text: 'Multiple all mechanisms detected.'
+      });
+    } else if (item.message === 'all-plus-warning') {
+      items.push({
+        type: CARD_STATUS$1.WARNING,
+        text: 'All pass not recommended.'
+      });
+    } else if (item.message === 'all-not-last') {
+      items.push({
+        type: CARD_STATUS$1.WARNING,
+        text: 'All not last detected.'
+      });
+    } else if (item.message === 'extra-spf-lookups') {
+      items.push({
+        type: CARD_STATUS$1.WARNING,
+        text: 'Extra SPF lookups.'
+      });
+    }
+  });
+  return items;
+};
 /**
  * SignalCardSpfDomain Component
  *
@@ -23461,7 +23759,8 @@ const SignalCardSpfDomain$1 = /*#__PURE__*/forwardRef(function SignalCardSpfDoma
       jmap,
       onHeightChange,
       bannerVariant,
-      useInvestigateColors = false
+      useInvestigateColors = false,
+      renderFooter
     } = props,
     forwardedProps = _objectWithoutProperties(props, _excluded$6);
   const {
@@ -23471,19 +23770,30 @@ const SignalCardSpfDomain$1 = /*#__PURE__*/forwardRef(function SignalCardSpfDoma
   const {
     raw,
     status,
-    txtExtractedFrom
+    txtExtractedFrom,
+    domain,
+    report
   } = spf || {};
+  // Build SPF Checker link - use domain if available, fall back to txtExtractedFrom
+  const spfDomain = domain || txtExtractedFrom;
+  const spfCheckerLink = spfDomain && typeof spfDomain === 'string' ? buildSPFCheckerLink(spfDomain) : null;
+  const ctaButtonName = t('card.subdo.button-name');
+  const onCTAButtonClick = spfCheckerLink ? () => window.open(spfCheckerLink, '_blank') : undefined;
   // Handle both string and array formats for raw SPF record
-  // Take first record if array (BIMI Checker only needs to see one)
-  const rawRecord = useMemo(() => Array.isArray(raw) ? raw.length > 0 ? raw[0] : 'unknown' : raw || 'unknown', [raw]);
+  // Show "No SPF record found" for empty/missing records instead of "unknown"
+  const rawRecord = useMemo(() => {
+    if (Array.isArray(raw)) {
+      return raw.length > 0 ? raw[0] : 'No SPF record found';
+    }
+    // Check for empty string, null, or undefined
+    return raw && raw.trim() !== '' ? raw : 'No SPF record found';
+  }, [raw]);
   const cardType = useMemo(() => getCardType$1(status), [status]);
-  // Simple pass/fail check - matches legacy behavior
-  const infoItemsCategories = useMemo(() => [{
-    title: 'SPF',
-    items: [getSpfCheck(status)]
-  }], [status]);
+  // Build all checklist items: main status check + report items
+  const checklistItems = useMemo(() => [getSpfCheck(status), ...getReportItems(report)], [status, report]);
   // Simple extracted items - just show the SPF record with extraction box
   const extractedItemsCategories = useMemo(() => [{
@@ -23520,21 +23830,27 @@ const SignalCardSpfDomain$1 = /*#__PURE__*/forwardRef(function SignalCardSpfDoma
     if (!caption) return undefined;
     return t(EXTRACTION_CAPTION_KEYS[caption]);
   };
-  const sections = useMemo(() => [...extractedItemsCategories.filter(cat => cat.items && cat.items.length > 0).map((cat, i) => ({
+  const sections = useMemo(() => [
+  // SPF Policy section with DNS record
+  ...extractedItemsCategories.filter(cat => cat.items && cat.items.length > 0).map((cat, i) => ({
     id: `extractedItems-${i}`,
     title: cat.title,
     isCollapsible: true,
     content: /*#__PURE__*/React__default.createElement(ExtractedCategoryContent, {
       category: cat,
       getTranslatedCaption: getTranslatedCaption
-    })
-  })), ...infoItemsCategories.map((cat, i) => ({
-    id: `checklists-${i}`,
-    title: cat.title,
+    }),
+    testId: `spf-domain-extracted-${i}`
+  })),
+  // SPF status section with all checklist items (main status + report errors)
+  {
+    id: 'spf-status',
+    title: 'SPF',
     content: /*#__PURE__*/React__default.createElement(Checklist$1, {
-      items: cat.items
-    })
-  }))], [extractedItemsCategories, infoItemsCategories, useInvestigateColors, t]);
+      items: checklistItems
+    }),
+    testId: 'spf-domain-status-section'
+  }], [extractedItemsCategories, checklistItems, t]);
   if (!spf) return null;
   return /*#__PURE__*/React__default.createElement(SignalCardNormal, _extends({
     useInvestigateColors: useInvestigateColors
@@ -23546,9 +23862,20 @@ const SignalCardSpfDomain$1 = /*#__PURE__*/forwardRef(function SignalCardSpfDoma
     onComponentMount: handleComponentMount,
     sections: sections,
     bannerVariant: bannerVariant,
+    renderFooter: renderFooter,
+    ctaButtonName: ctaButtonName,
+    onCTAButtonClick: onCTAButtonClick,
+    shortDescription: t('signal-description.SPF_DOMAIN_md_SHORT', {
+      returnObjects: true
+    }),
+    longDescription: t('signal-description.SPF_DOMAIN_md_LONG', {
+      returnObjects: true
+    }),
     isCollapsible: true,
     areAllCollapsed: areAllCollapsed,
-    onCollapseAll: handleCollapseAll
+    onCollapseAll: handleCollapseAll,
+    "data-testid": "signal-card-spf-domain",
+    "data-card-type": cardType
   }));
 });
 SignalCardSpfDomain$1.displayName = COMPONENT_NAME$6;
@@ -23759,6 +24086,11 @@ const SignalCardSpfDomainAnalyzer$1 = /*#__PURE__*/forwardRef(function SignalCar
   } = spf || {};
   const recordsArray = useMemo(() => Array.isArray(records) ? records : [], [records]);
   const cardType = useMemo(() => getCardType(status), [status]);
+  // Build SPF Checker link if domain is available
+  const spfCheckerLink = domain && typeof domain === 'string' ? buildSPFCheckerLink(domain) : null;
+  const ctaButtonName = t('card.subdo.button-name');
+  const onCTAButtonClick = spfCheckerLink ? () => window.open(spfCheckerLink, '_blank') : undefined;
   const resolveT = useResolveTranslation(['investigate'], {
     prefixes: ['card.spf.', 'card.spf.spf-']
   });
@@ -23853,6 +24185,8 @@ const SignalCardSpfDomainAnalyzer$1 = /*#__PURE__*/forwardRef(function SignalCar
     onHeightChange: onHeightChange,
     bannerVariant: bannerVariant,
     useInvestigateColors: useInvestigateColors,
+    ctaButtonName: ctaButtonName,
+    onCTAButtonClick: onCTAButtonClick,
     shortDescription: t('signal-description.SPF_DOMAIN_ANALYZER_md_SHORT', {
       returnObjects: true
     }),