Scoring, Grades, and Confidence
The top-line score is designed to be useful quickly, but it is not the whole story. Read score and grade alongside risk summary, assessment confidence, coverage notes, and mail-flow interpretation.
What drives the score
The engine weights SPF, DMARC, DKIM, MX, MTA-STS, TLS-RPT, and BIMI. Missing or monitoring-only DMARC can cap the score sharply, and missing selector-aware DKIM coverage keeps otherwise strong domains out of top-band results. The current published scoring model version is 11.
What explains the result
Use score_breakdown, risk, assessment_confidence, and coverage_summary to understand why a domain landed where it did and what is still provisional.
Current Grade Bands
| Grade | Score Range | Interpretation |
|---|---|---|
| A+ | 95-100 | Near-perfect visible posture or protected no-mail apex posture with strong evidence. |
| A | 85-94 | Strong visible controls with better coverage and fewer gaps. |
| B | 70-84 | Useful, generally solid posture with meaningful missing coverage or hardening gaps still present. |
| C | 55-69 | Mixed posture with at least one major weakness. |
| D | 40-54 | Material anti-spoofing gaps or weak enforcement. |
| F | 0-39 | Compound failures or clearly unsafe posture. |
Risk
The risk summary explains spoofing risk, deliverability risk, enforcement status, and top actions.
Confidence
High, medium, or low confidence reflects how complete the evidence was for the final assessment.
Mail Flow
Use mail_flow_profile and mail_flow_note before comparing protected no-mail apexes to active sender domains.