Tools Guides
      Back to home
      1. Help Center
      2. Tools Guides

      Domain Score

      Customers and partners can now check a domain's overall score through the new "Know Your Score" page. This page focuses on the changes needed to fully safeguard a domain and is based on Sendmarc recommendations.

      Available on Sendmarc Tools - Linked Below

      Sendmarc Tools

      How is the new score calculated?

      The Domain Score is now calculated out of 100 and we break it down into 3 areas with a rating out of 5:

      1. Impersonation Rating (5/5)

      Your impersonation rating looks at the likelihood of your organisation’s domain being used in impersonation attacks. There are a few settings in your DNS records which can help to prevent such attacks and we check to see if they have been set up correctly.

      DMARC - Domain-based Message Authentication, Reporting and Conformance

      The DMARC record defines your domain’s DMARC policy, it specifies what receiving email servers should do with emails received from your domain.

      SPF - Sender Policy Framework

      The SPF record contains a list of mail servers which you have authorized to send emails on your behalf.

       

      DKIM - DomainKeys Identified Mail

      The DKIM record stores the public key, which is used to verify any email signed with the private key, this way the message is associated with the domain.

      The Impersonation Rating was previously known as "Know Your Score".

      2. Privacy Rating (5/5)

      Your privacy rating looks at whether your mail server providers have been set up correctly to receive TLS-secure SMTP connections.

      TLS-RPT or SMTP TLS Reporting - Transport Layer Security Reporting

      Enables sending systems to share statistics and information about failures with recipient domains.

      MTA-STS - Mail Transfer Agents - Strict Transport Security

      Enables mail service providers to declare their ability to receive TLS secure SMTP connections.

      3. Branding Rating (5/5)

      Your branding rating looks at whether your organization's domain branding has been set up correctly by looking at the BIMI record.

      BIMI - Branders Indicators for Message Identification

      While the validity of DNS records can affect the ratings, it will not assist the user in finding the potential problem, it will merely suggest that action is required. The Domain Analysis tools works best to troubleshoot DNS Records.

      Domain Score Report

      Summary View

      Once the user has entered a domain for scoring, we will display the risk level with a message and a summary of areas that require attention.

      The 3 Risk Levels for Overal Domain Score are:

      1. High Risk - You don't have effective controls in place to protect your domain from impersonation and interception of email communication. This puts your brand and email recipients at risk of attacks, reduces trust, and can damage email deliverability.

      2. Moderate Risk - You have some measures in place to protect recipients from malicious emails from your domain. Attention should be paid to areas where controls can be improved. These measures build trust in your brand, protect recipients from attacks and help ensure email is delivered effectively.

      3. Low Risk - Email from your domain is highly secure from impersonation and interception and recipients will see your branding in communication. These measures build trust in your brand, protect recipients from attacks and help ensure email is delivered effectively.

      Detailed Report View

      Once the summary view is expanded it will display a detailed report view for each of the areas (Impersonation, Privacy and Branding) and give a score out of 5 with a message to explain the results. As well as a breakdown of the areas being checked.

      On all DNS Record checks, the user can do a deep analysis of the record, by clicking "Analyze". This will take them to the Domain Analysis page which checks validity:

      At the bottom of the report, you can download a PDF version of the report or continue to Analyze the entire set of DNS records:

      Helpful tooltips are there to explain each section of the report for better understanding:

      1. Impersonation Rating

      For your Impersonation Rating, we look at the domain's DMARC, SPF, and DKIM implementation and give a rating out of 5 with a message. For each check, we display the results and indicate if action is required or not.

      The 3 Risk Levels for Impersonation Rating are:

      • High Risk - There is little or no protection at all of your domain, with the highest probability that your domain and therefore your company name may be hijacked by criminals and used in fraudulent email activities.

      • Moderate Risk - Your domain configuration requires one more change. Deliverability of legitimate email may be disrupted and some messages may land in Spam or Junk folders. Savvy cybercriminals could impersonate your domain.

      • Low Risk - Your organization has a very low risk of your name being used by criminals in fraudulent email activities. Domains with a score of 5 are 100% DMARC compliant and are protected from impersonation and phishing attacks.

      2. Privacy Rating

      For your Privacy Rating, we look at the domain's TLS-RPT and MTA-STS implementation and give a rating out of 5 with a message. For each check, we display the results and indicate if action is required or not.

      The 3 Risk Levels for Privacy Rating are:

      • High Risk - Your domain has minimal to no safeguards in place for email privacy, posing a high risk that your communications could be intercepted or compromised by unauthorized parties. While most senders encrypt communication by default, it is important to enforce policies for those that don't.

      • Moderate Risk - Your enforcement of encryption for email communication requires attention. Your emails could be intercepted if sending isn't secured.

      • Low Risk - Your email communication is at low risk of being intercepted by or visible to cybercriminals. Your domain enforces effective encryption standards and you'll receive reporting on enforcement of these measures.

      3. Branding Rating

      For your Branding Rating, we look at the domain's BIMI implementation and give a rating out of 5 with a message. For each check, we display the results and indicate if action is required or not.

      The 3 Risk Levels for Branding Rating are:

      • High Risk - You have not effectively implemented email inbox branding for your domain. Branding builds trust and assures recipients that an email is authentic. We recommend that you fully implement BIMI for better recognition.

      • Moderate Risk - Your email branding configuration requires some attention. Your logo and verified sender mark may be displayed in certain email clients but most require a fully implemented BIMI record to display branding.

      • Low Risk - Your organization effectively uses branding to build trust through emails. Your logo and verified sender mark will be visible to recipients in email clients that support BIMI.

      4. Common Records

      Together with your Ratings, we give you results of areas that have been checked in your common record. This gives insights into the type of domain being checked.

      Common records included are:

      • NS Records
      • MX Records
      • A Records

      Need Help?

      support@sendmarc.com is standing by to assist!