How Exposed Are You?
Get a letter grade and shareable badge for any domain's public security posture. We check email authentication, TLS certificates, exposed services, and DNS health — the four things that actually matter when you want to look like you run a tight ship.
Or try a featured domain:
What does the grade mean?
We score four categories out of 100. Each category is graded individually, and the overall band is:
- A — 90+: rare. Hardened against phishing, has fresh TLS, no exposed services.
- B+ — 80–89: tight posture, missing one polish item.
- B — 70–79: solid, fix a few things to level up.
- C+ — 60–69: protection holes, likely DMARC at quarantine or missing DNSSEC.
- C — 50–59: works, but spoofable or scannable.
- F — under 50: significant exposure.
Email (35 pts) — DMARC at p=reject, SPF ending in -all, DKIM at any common selector. TLS (25 pts) — valid chain, expires in 30+ days, supports TLS 1.3, ECDSA. Ports (20 pts) — no exposed SSH/RDP/database ports. DNS (20 pts) — DNSSEC validates, 3+ nameservers, IPv6 reachable.
All probes run from our server against the domain's public records. We do not need access to anything inside your network. No login, no install, no permissions.