Email Security Score
Run all 5 checks at once and get a single 0–100 score with a letter grade for your domain.
Frequently Asked Questions
How is the email security score calculated?
The score is a weighted 0–100 calculation based on five checks: DMARC policy enforcement level (highest weight), SPF record presence and strength, DKIM signing configuration, MTA-STS enforcement, and blacklist status across 12 DNSBL zones. A domain with full DMARC reject enforcement, valid SPF and DKIM, and a clean blacklist status will score in the 90–100 range.
What is a good email security score?
Scores 80–100 (grade A or B) indicate strong protection — your domain has valid SPF, DKIM, and DMARC enforcement and is not blacklisted. Scores 50–79 (grade C or D) indicate significant gaps, typically DMARC set to p=none or missing DKIM. Scores below 50 (grade F) suggest the domain is vulnerable to spoofing and likely has deliverability issues with major mail providers.
What checks are included in the email security score?
The score runs five checks simultaneously: (1) SPF record validity, DNS lookup count, and enforcement strength; (2) DKIM signing key presence and key strength across 22+ selectors; (3) DMARC policy enforcement level, alignment settings, and reporting configuration; (4) MTA-STS policy file and TLS-RPT reporting; (5) blacklist status across 12 major DNSBL zones. Results are weighted and combined into a single letter-graded score.
Can improving my email security score improve deliverability?
Yes. A higher email security score directly correlates with better inbox placement. Gmail, Microsoft 365, and other major providers use SPF, DKIM, and DMARC authentication as key deliverability signals. Domains without DMARC enforcement or with blacklisted IPs see significantly higher spam filter rates. Moving from p=none to p=reject and fixing SPF errors typically shows measurable deliverability improvement within days.
How often should I check my email security score?
Run a check after any change to your email infrastructure — adding a new platform, switching email providers, or migrating DNS. For actively monitored domains, a monthly manual check is the minimum. DNS records can be accidentally deleted, DKIM keys can expire, and IPs can become blacklisted at any time without visible symptoms until email delivery starts failing.