sysadmintools
Free ยท No login ยท One click

How Exposed Are You?

Get a letter grade and shareable badge for any domain's public security posture. We check email authentication, TLS certificates, exposed services, and DNS health โ€” the four things that actually matter when you want to look like you run a tight ship.

What does the grade mean?

We score four categories out of 100. Each category is graded individually, and the overall band is:

  • A โ€” 90+: rare. Hardened against phishing, has fresh TLS, no exposed services.
  • B+ โ€” 80โ€“89: tight posture, missing one polish item.
  • B โ€” 70โ€“79: solid, fix a few things to level up.
  • C+ โ€” 60โ€“69: protection holes, likely DMARC at quarantine or missing DNSSEC.
  • C โ€” 50โ€“59: works, but spoofable or scannable.
  • F โ€” under 50: significant exposure.

Email (35 pts) โ€” DMARC at p=reject, SPF ending in -all, DKIM at any common selector. TLS (25 pts) โ€” valid chain, expires in 30+ days, supports TLS 1.3, ECDSA. Ports (20 pts) โ€” no exposed SSH/RDP/database ports. DNS (20 pts) โ€” DNSSEC validates, 3+ nameservers, IPv6 reachable.

All probes run from our server against the domain's public records. We do not need access to anything inside your network. No login, no install, no permissions.