sysadmintools
Free · No login · One click

How Exposed Are You?

Get a letter grade and shareable badge for any domain's public security posture. We check email authentication, TLS certificates, exposed services, and DNS health — the four things that actually matter when you want to look like you run a tight ship.

What does the grade mean?

We score four categories out of 100. Each category is graded individually, and the overall band is:

  • A — 90+: rare. Hardened against phishing, has fresh TLS, no exposed services.
  • B+ — 80–89: tight posture, missing one polish item.
  • B — 70–79: solid, fix a few things to level up.
  • C+ — 60–69: protection holes, likely DMARC at quarantine or missing DNSSEC.
  • C — 50–59: works, but spoofable or scannable.
  • F — under 50: significant exposure.

Email (35 pts) — DMARC at p=reject, SPF ending in -all, DKIM at any common selector. TLS (25 pts) — valid chain, expires in 30+ days, supports TLS 1.3, ECDSA. Ports (20 pts) — no exposed SSH/RDP/database ports. DNS (20 pts) — DNSSEC validates, 3+ nameservers, IPv6 reachable.

All probes run from our server against the domain's public records. We do not need access to anything inside your network. No login, no install, no permissions.