How Exposed Are You?
Get a letter grade and shareable badge for any domain's public security posture. We check email authentication, TLS certificates, exposed services, and DNS health โ the four things that actually matter when you want to look like you run a tight ship.
Or try a featured domain:
What does the grade mean?
We score four categories out of 100. Each category is graded individually, and the overall band is:
- A โ 90+: rare. Hardened against phishing, has fresh TLS, no exposed services.
- B+ โ 80โ89: tight posture, missing one polish item.
- B โ 70โ79: solid, fix a few things to level up.
- C+ โ 60โ69: protection holes, likely DMARC at quarantine or missing DNSSEC.
- C โ 50โ59: works, but spoofable or scannable.
- F โ under 50: significant exposure.
Email (35 pts) โ DMARC at p=reject, SPF ending in -all, DKIM at any common selector. TLS (25 pts) โ valid chain, expires in 30+ days, supports TLS 1.3, ECDSA. Ports (20 pts) โ no exposed SSH/RDP/database ports. DNS (20 pts) โ DNSSEC validates, 3+ nameservers, IPv6 reachable.
All probes run from our server against the domain's public records. We do not need access to anything inside your network. No login, no install, no permissions.