MailShield
All posts
News

Introducing MailShield Security Scoring

4 min read
Introducing MailShield Security Scoring

We built MailShield because email security monitoring was too fragmented and too technical. One of the clearest symptoms of that problem: there was no simple way to answer the question "how secure is my domain's email?"

Today we're introducing MailShield Security Scoring, a single 0-100 score that tells you exactly where your domain stands, what's working, and what needs attention.

Why a score matters

Email security involves eight different protocols, each with its own configuration, its own failure modes, and its own best practices. Asking a non-technical stakeholder to evaluate SPF lookup counts or DMARC alignment modes is unrealistic.

A score changes the conversation. Instead of "our DMARC policy is p=none with relaxed alignment," you can say "our email security score is 62 out of 100. Here's what we need to do to improve it." It makes email security accessible to everyone on your team, from the IT administrator to the CEO.

How it works

Your security score is calculated by evaluating your domain across all eight email security protocols: SPF, DKIM, DMARC, MX, MTA-STS, TLS-RPT, BIMI, and DNSSEC/DANE.

Each protocol contributes to the overall score, weighted by its importance to your domain's email security. The core authentication protocols (SPF, DKIM, DMARC) carry the most weight because they have the biggest impact on deliverability and impersonation protection. Supporting protocols (MTA-STS, TLS-RPT, BIMI, DNSSEC) contribute additional points.

Score ranges

We map the 0-100 score to letter grades that make the assessment immediately understandable:

  • 90-100 (Excellent): your email security is comprehensive. All major protocols are properly configured and your domain is well-protected.
  • 70-89 (Good): core authentication is in place but there are opportunities to strengthen your posture with additional protocols.
  • 50-69 (Fair): basic protections exist but significant gaps remain. Immediate attention recommended.
  • 0-49 (Poor): critical email security configurations are missing or misconfigured. Your domain is at risk.

What the score measures

For each protocol, we check multiple factors:

  • Presence: is the record published? Is it syntactically valid?
  • Configuration quality: is the SPF record under 10 lookups? Is the DMARC policy stronger than p=none? Are DKIM keys using strong algorithms?
  • Best practices: is there a DMARC reporting address? Does the MTA-STS policy use enforce mode? Are TLS certificates valid and not expiring soon?
  • Consistency: do the protocols work together? Does DKIM alignment match the DMARC policy? Do MX records match the MTA-STS policy?

Improving your score

Your score isn't just a number. It comes with specific, actionable recommendations. We tell you exactly what's lowering your score and what to do about it, prioritized by impact.

For example, adding a DMARC record to a domain that doesn't have one is typically worth more points than adding BIMI to a domain that already has strong authentication. We help you focus on the changes that matter most.

Your score updates automatically as you make changes. Fix an issue, and your score reflects the improvement within minutes. This creates a natural feedback loop that makes email security feel achievable rather than overwhelming.

Try it now

Add your domain to MailShield and see your security score in under a minute. It's free for up to 2 domains, no credit card required. See where you stand, understand what needs to improve, and track your progress over time.

Check your domain now

See your email security score in under a minute. Free for up to 2 domains.

Get Started FreeMore articles