Forecasting Your Domain Security Score: How to Plan for p=reject
Enforcement planning needs trajectory, not just snapshots. Here is how to predict when your domain will be reject-ready.
Why enforcement planning needs trajectory
Moving from p=none to p=reject is the highest-stakes change in email security. Get it right and you eliminate domain spoofing. Get it wrong and legitimate email starts bouncing. The decision to enforce should not be based on how your domain looks today. It should be based on whether the trend is actually heading toward enforcement readiness.
A domain with an 82% compliance score might look close to ready, but if that score has been flat for six weeks because two senders are stuck on broken DKIM configurations, it is not going anywhere. Conversely, a domain at 71% that has improved 4 points per week for the last month is on a clear path to enforcement. Snapshots hide these dynamics. Forecasts reveal them.
How SpoofSentry projects scores at 30, 60, and 90 days
Navigate to any domain's detail page to see the forecast chart. SpoofSentry calculates projected scores at three intervals: 30 days, 60 days, and 90 days from today. Each projection includes a confidence interval that widens over time, reflecting the increasing uncertainty of longer-term predictions. The forecast updates daily as new DMARC report data arrives.
The model uses your historical compliance data going back up to 180 days, with more weight given to recent observations. This means the forecast responds quickly to real changes — such as a new sender completing DKIM setup — without being thrown off by old data from months ago when your configuration was in a different state.
The algorithm: weighted linear regression
SpoofSentry uses weighted linear regression where each data point's influence decays exponentially with age. A compliance measurement from yesterday has roughly twice the weight of one from two weeks ago, and four times the weight of one from a month ago. This decay function ensures the model tracks your current trajectory rather than your historical average.
The regression runs independently across each scoring dimension (SPF alignment, DKIM alignment, sender authorization coverage, policy strength) and then combines the dimension-level forecasts into a composite score projection. This decomposition is important because it enables the next feature: identifying which dimensions are driving the forecast up or down.
Key drivers: what is improving and what needs attention
Below the forecast chart, SpoofSentry displays the key drivers behind the projection. Each scoring dimension shows its individual trend direction (improving, stable, or declining) and its contribution to the overall forecast.
If your composite score is projected to stall at 85% in 60 days, the key drivers section might show that SPF alignment is improving (+2 points projected), DKIM alignment is stable, but sender authorization coverage is declining (-3 points projected) because a newly discovered sender has not been classified yet. This tells you exactly where to focus: authorize that sender and your forecast shifts upward immediately.
Using forecasts to set enforcement timelines
Score forecasting turns enforcement discussions from opinions into data. Instead of debating whether your domain is "ready enough" for quarantine, you can show stakeholders a chart: the forecast crosses the reject-ready threshold in 38 days if current trends continue, with a 90% confidence interval of 30 to 52 days.
This is particularly valuable for organizations with compliance deadlines. If a regulatory requirement mandates p=reject by a specific date, the forecast tells you whether you are on track and, if not, exactly which remediation actions would change the trajectory. You can model scenarios: "if we fix DKIM for these two senders, the projected date moves forward by 12 days."
For organizations managing multiple domains, the forecast view also helps prioritize which domains to focus on first. Domains with strong upward trajectories may need minimal intervention, while domains with flat or declining forecasts need immediate attention.
Start forecasting your path to enforcement
Score forecasting is available on SpoofSentry Pro and Enterprise plans. Forecasts begin generating after approximately 14 days of DMARC report data, with accuracy improving as the historical window grows.