Sendmarc Impersonation, Privacy and Branding Scores

Customers and partners can now check a domain's overall score through the "Know Your Score" page.

URL: https://tools.sendmarc.com/

The Domain Score is now calculated out of 100 and we break it down into 3 areas with a rating out of 5:

1. Impersonation Rating (5/5)

Your impersonation rating looks at the likelihood of your organisation’s domain being used in impersonation attacks. There are a few settings in your DNS records which can help to prevent such attacks and we check to see if they have been setup correctly.

DMARC - Domain-based Message Authentication, Reporting and Conformance

The DMARC record defines your domain’s DMARC policy, it specifies what receiving email servers should do with emails received from your domain.

SPF - Sender Policy Framework

The SPF record contains a list of mail servers which you have authorized to send emails on your behalf.

DKIM - DomainKeys Identified Mail

The DKIM record stores the public key, which is used to verify any email signed with the private key, this way the message is associated with the domain.

2. Privacy Rating (5/5)

Your privacy rating looks at whether your mail server providers has been setup correctly to receive TLS secure SMTP connections.

TLS-RPT or SMTP TLS Reporting - Transport Layer Security Reporting

Enables sending systems to share statistics and information about failures with recipient domains.

MTA-STS - Mail Transfer Agents - Strict Transport Security

Enables mail service providers to declare their ability to receive TLS secure SMTP connections.

3. Branding Rating (5/5)

Your branding rating looks at whether your organization's domain branding has been setup correctly by looking at the BIMI record.

BIMI - Branders Indicators for Message Identification

Domain Score Report

Summary View

Once the user has entered a domain for scoring, we will display the risk level with a message and a summary on areas that require attention.

The 3 Risk Levels for Overal Domain Score are:

1. High Risk (Lower than 50) - You don't have effective controls in place to protect your domain from impersonation and interception of email communication. This puts your brand and email recipients at risk of attacks, reduces trust, and can damage email deliverability.
2. Moderate Risk (50 or greater)- You have some measures in place to protect recipients from malicious email from your domain. Attention should be paid to areas where controls can be improved. These measures build trust in your brand, protect recipients from attacks and help ensure email is delivered effectively.
3. Low Risk (80 or greater)- Email from your domain is highly secure from impersonation and interception and recipients will see your branding in communication. These measures build trust in your brand, protect recipients from attacks and help ensure email is delivered effectively.

Detailed Report View

Once summary view is expanded it will display a detailed report view for each of the areas (Impersonation, Privacy and Branding) and give a score out of 5 with a message to explain the results. As well as a breakdown of the areas being checked.

On all DNS Record checks, the user can do a deep analysis of the record, by clicking "Analyze". This will take them to the Domain Analysis page which checks validity:

 

At the bottom of the report they can Email the Detailed Report, Download a PDF version of the report or continue to Analyze the entire set of DNS records:

 

Helpful tooltips are there to explain each section of the report for better understanding:

1. Impersonation Rating

For your Impersonation Rating we look at the domain's DMARC, SPF, DKIM implementation and give a rating out of 5 with a message. For each check we display the results and indicate if action is required or not.

The 3 Risk Levels for Impersonation Rating are:

• High Risk - There is little or no protection at all of your domain, with the highest probability that your domain and therefore your company name may be hijacked by criminals and used in fraudulent email activities.
• Moderate Risk - Your domain configuration requires one more change. Deliverability of legitimate email may be disrupted and some messages may land in Spam or Junk folders. Savvy cybercriminals could impersonate your domain.
• Low Risk - Your organization has very low risk of your name being used by criminals in fraudulent email activities. Domains with a score of 5 are 100% DMARC compliant and are protected from impersonation and phishing attacks.

2. Privacy Rating

For your Privacy Rating we look at the domain's TLS-RPT and MTA-STS implementation and give a rating out of 5 with a message. For each check we display the results and indicate if action is required or not.

The 3 Risk Levels for Privacy Rating are:

• High Risk - Your domain has minimal to no safeguards in place for email privacy, posing a high risk that your communications could be intercepted or compromised by unauthorized parties. While most senders encrypt communication by default, it is important to enforce policies for those that don't.
• Moderate Risk - Your enforcement of encryption for email communication requires attention. Your emails could be intercepted if sending isn't secured.
• Low Risk - Your email communication is at low risk of being intercepted by or visible to cybercriminals. Your domain enforces effective encryption standards and you'll receive reporting on enforcement of these measures.

3. Branding Rating

For your Branding Rating we look at the domain's BIMI implementation and give a rating out of 5 with a message. For each check we display the results and indicate if action is required or not.

The 3 Risk Levels for Branding Rating are:

• High Risk - You have not effectively implemented email inbox branding for your domain. Branding builds trust and assures recipients that an email is authentic. We recommend that you fully implement BIMI for better recognition.
• Moderate Risk - Your email branding configuration requires some attention. Your logo and verified sender mark may display in certain email clients but most require a fully implemented BIMI record to display branding.
• Low Risk - Your organization effectively uses branding to build trust through emails. Your logo and verified sender mark will be visible to recipients in email clients that support BIMI.

4. Common Records

Together with your ratings we give you results of common records that have been checked in your Domain Name System . This gives further insights into the type of domain being checked.

• NS Record - Specifies which name servers are authoritative for a domain. These name servers are responsible for providing information about the domain, such as translating domain names into IP addresses.
• MX Record - Specifies which mail server are responsible for receiving emails on behalf of a domain. The presence of a MX record indicates that the domain could be an email sending domain.
• A Record - Maps a domain to the physical IP address of the computer hosting that domain. It indicates a web presence.

Overall Classifications

• Overall Score

  • >80 = Low Risk
  • <80 - >50 = Moderate Risk
  • <50 = High Risk

• Ratings

  • 5/5 = Low Risk
  • 4/5 = Moderate Risk
  • 1-3/5 = High Risk

Overall Weighting Breakdown

Need Help?