Domain Security Score
Measure email-authentication posture with a clear domain security score. Prioritize risk faster, track improvement over time, and explain progress to leadership.
What the score measures
The domain security score evaluates seven dimensions of email-authentication and DNS hygiene: SPF record validity and alignment, DKIM key presence and configuration, DMARC policy strength and reporting setup, BIMI record publication, MTA-STS policy enforcement, DNSSEC signing status, and dangling DNS exposure.
Each dimension is checked against current best practices, not just whether a record exists. A domain with a syntactically valid SPF record that exceeds the 10-lookup limit, for example, loses points because receivers may ignore the record entirely. The score reflects real-world protection, not checkbox compliance.
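The 10-lookup case above, as an added example (not SpoofSentry's code): a worst-case count of the DNS-querying terms in an SPF record, following includes and redirects. It assumes a constructed in-memory zone of placeholder domains instead of live DNS, and records without macros.

```python
import re

SPF_LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4
# Terms that cost one DNS query each; ip4, ip6 and all cost none.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}

# Constructed TXT records for placeholder domains (not real data).
ZONE = {
    "ok.example": "v=spf1 mx include:_spf.mail.example ip4:192.0.2.0/24 -all",
    "_spf.mail.example": "v=spf1 ip4:198.51.100.0/24 a:out.mail.example ~all",
    "bloated.example": "v=spf1 a mx "
    + " ".join(f"include:v{i}.example" for i in range(5)) + " -all",
}
ZONE.update({f"v{i}.example": f"v=spf1 a mx ip4:203.0.113.{i} ~all" for i in range(5)})


def count_lookups(domain, zone, path=frozenset()):
    """Worst-case count of DNS-querying terms reached from domain's SPF record."""
    if domain in path:
        raise ValueError(f"include/redirect loop at {domain}")
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return 0  # no SPF record here; the query that led here was already counted
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier
        if term.lower().startswith("redirect="):
            total += 1 + count_lookups(term.split("=", 1)[1], zone, path | {domain})
            continue
        name = re.split(r"[:/]", term, maxsplit=1)[0].lower()
        if name in LOOKUP_MECHANISMS:
            total += 1
        if name == "include" and ":" in term:
            total += count_lookups(term.split(":", 1)[1], zone, path | {domain})
    return total


def spf_lookup_check(domain, zone=ZONE):
    """Return (lookup_count, within_limit) for the domain's SPF record."""
    count = count_lookups(domain, zone)
    return count, count <= SPF_LOOKUP_LIMIT


if __name__ == "__main__":
    for d in ("ok.example", "bloated.example"):
        print(d, spf_lookup_check(d))
```

Both constructed records are syntactically valid; only the nested count shows that bloated.example is over the limit, which a check on the top-level record alone would miss.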
How scoring works
The score is a 100-point composite. DMARC enforcement posture carries the heaviest weight because it directly controls how receivers handle unauthenticated mail. SPF and DKIM alignment contribute the next largest share, followed by MTA-STS, BIMI, DNSSEC, and dangling DNS.
Weighting is intentional: a domain at p=reject with valid SPF and DKIM scores higher than a domain with perfect ancillary records but no DMARC enforcement. Active threat signals like spoofing volume can also reduce the score, surfacing domains that are technically configured but still under attack due to incomplete sender coverage.
Track improvement over time
SpoofSentry records your domain score at every scan interval, building a historical trend line you can review in the dashboard or include in reports. See exactly when a score changed, what triggered the change, and whether the movement was positive or negative.
Score history is available per domain, per domain group, and at the portfolio level. Use trend data during quarterly business reviews to demonstrate progress, justify investment, or identify domains that have regressed and need attention.
Using scores in reporting
Domain security scores translate technical posture into a language that leadership and non-technical stakeholders understand. Include scores in executive reports, compliance snapshots, and board-level summaries without requiring the audience to parse raw DNS records.
Scores map to letter grades (A through F) for quick visual comprehension. Drill into any score to see the per-dimension breakdown, making it easy for technical teams to act on specific findings while leadership tracks the top-level number.
Free domain score tool
Want to see your score before signing up? The SpoofSentry free domain security scanner runs the same checks used by the full platform and returns your composite score, per-dimension breakdown, and actionable recommendations in seconds. No account required.
Use the free tool to benchmark your domain, share results with colleagues, or evaluate how far you are from full enforcement. When you are ready for continuous monitoring, historical tracking, and portfolio-level visibility, upgrade to the full platform.
Frequently asked questions
What methodology does the domain security score use?
The score is a weighted 100-point composite across seven dimensions: SPF, DKIM, DMARC, BIMI, MTA-STS, DNSSEC, and dangling DNS. DMARC enforcement posture carries the highest weight because it has the most direct impact on whether unauthenticated mail is blocked.
What do the score thresholds mean?
Scores map to letter grades: 90-100 is A (strong posture), 80-89 is B (good with minor gaps), 70-79 is C (moderate risk), 60-69 is D (significant gaps), and below 60 is F (critical exposure). These thresholds help teams set clear targets and communicate risk levels.
Can I benchmark my score against industry peers?
Yes. SpoofSentry provides anonymized benchmark data so you can compare your domain scores against organizations of similar size and industry. Benchmarks are updated monthly and available in the dashboard and exported reports.
How do I improve my domain security score?
The score breakdown shows exactly which dimensions are pulling your number down. Common improvements include moving DMARC policy from p=none to p=quarantine or p=reject, fixing SPF records that exceed the 10-lookup limit, deploying DKIM on all sending sources, and enabling MTA-STS.
Is domain security score data available via API?
Yes. The SpoofSentry API exposes current scores, historical trends, and per-dimension breakdowns for all domains in your account. Use the API to feed scores into dashboards, GRC platforms, or custom reporting workflows.
Know your domain security score
Run a free scan or start continuous monitoring across your entire domain portfolio.