Email Security Scorecard

Get one A-F grade for a domain's complete email-authentication posture.

Free • no sign-up • runs live in your browser.

One grade for your whole email setup

This scorecard runs every major email-authentication and DNS-security check for a domain — SPF, DKIM, DMARC, DNSSEC, MTA-STS, TLS-RPT and BIMI — and rolls them into a single weighted score and letter grade, with the heaviest weight on the records that actually stop spoofing (SPF, DKIM, DMARC).

From grade to fix

Anything less than an A points to a gap. Use the linked SPF and DMARC generators to create the missing records, publish them, and re-run the scorecard to confirm your grade improved.

Frequently asked questions

How is the grade calculated?

Each mechanism is weighted by importance (DMARC and SPF/DKIM highest) and scored pass/partial/missing, then combined into a 0-100 score mapped to an A-F grade.

Why did I get a B with everything set up?

Common reasons: DMARC at p=none instead of quarantine/reject, an SPF record nearing the lookup limit, or DKIM on a custom selector we couldn't detect.

Is BIMI or MTA-STS required for a good score?

No — they're bonuses. You can reach an A with strong SPF, DKIM and an enforcing DMARC policy; MTA-STS, TLS-RPT and BIMI add polish.
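The grading described in these answers, as an added Python sketch that is not the scorecard's own code: it scores a DMARC and an SPF TXT record as pass/partial/missing and combines all seven mechanisms into a weighted 0-100 score and letter. The weights, grade cut-offs, the "near the limit" threshold and the sample records are assumptions chosen to match the ordering the page states; the page does not publish its actual numbers.

```python
import re

# Assumed numbers: the page gives only the ordering (DMARC, SPF, DKIM heaviest;
# MTA-STS, TLS-RPT, BIMI as bonuses), not the actual weights or grade cut-offs.
WEIGHTS = {"dmarc": 36, "spf": 30, "dkim": 24, "dnssec": 4,
           "mta_sts": 3, "tls_rpt": 2, "bimi": 1}
CREDIT = {"pass": 1.0, "partial": 0.5, "missing": 0.0}
GRADES = [(90, "A"), (80, "B"), (70, "C"), (60, "D"), (0, "F")]
SPF_LOOKUP_LIMIT = 10  # RFC 7208, section 4.6.4
# SPF terms that each cost one DNS lookup during evaluation.
LOOKUP_TERM = re.compile(
    r"^[+\-~?]?(include:|a$|a[:/]|mx$|mx[:/]|ptr$|ptr:|exists:|redirect=)", re.I)

def score_dmarc(txt):
    if not txt or not txt.lower().startswith("v=dmarc1"):
        return "missing"
    tags = {k.strip().lower(): v.strip().lower()
            for k, v in (t.split("=", 1) for t in txt.split(";") if "=" in t)}
    # p=none only monitors; quarantine/reject actually enforce.
    return "pass" if tags.get("p") in ("quarantine", "reject") else "partial"

def score_spf(txt, near=8):
    if not txt or txt.lower().split()[:1] != ["v=spf1"]:
        return "missing"
    # Top-level terms only; a live check would also follow each include.
    lookups = sum(1 for term in txt.split()[1:] if LOOKUP_TERM.match(term))
    if lookups > SPF_LOOKUP_LIMIT:
        return "missing"  # receivers return permerror, so no credit (assumed)
    return "partial" if lookups >= near else "pass"  # "near" is an assumed cut-off

def evaluate(dmarc_txt, spf_txt, others):
    status = dict(others, dmarc=score_dmarc(dmarc_txt), spf=score_spf(spf_txt))
    earned = sum(w * CREDIT[status.get(m, "missing")] for m, w in WEIGHTS.items())
    score = round(100 * earned / sum(WEIGHTS.values()))
    return score, next(g for floor, g in GRADES if score >= floor)

# Constructed sample records (example.com / example.net are placeholders).
DMARC_NONE = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
SPF_LEAN = "v=spf1 include:_spf.example.net ip4:192.0.2.0/24 -all"
SPF_HEAVY = "v=spf1 mx a " + " ".join(
    f"include:s{i}.example.net" for i in range(7)) + " -all"   # 9 lookups
ALL_EXTRAS = {m: "pass" for m in ("dkim", "dnssec", "mta_sts", "tls_rpt", "bimi")}

if __name__ == "__main__":
    print(evaluate(DMARC_REJECT, SPF_LEAN, {"dkim": "pass"}))  # core three only
    print(evaluate(DMARC_NONE, SPF_LEAN, ALL_EXTRAS))          # DMARC at p=none
    print(evaluate(DMARC_REJECT, SPF_HEAVY, ALL_EXTRAS))       # SPF near the limit
```

With these assumed weights the three core records alone reach an A, while p=none or a lookup-heavy SPF record drops an otherwise complete setup to a B.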