Security Score

Get the email security score for a domain with a detailed breakdown.

Get Security Score

GET /api/v1/domains/{id}/score

Path Parameters

Parameter	Type	Description
`id`	uuid	Domain ID

Response

json

{
  "data": {
    "score": 85,
    "grade": "B",
    "label": "Good",
    "usageType": "sends-and-receives",
    "lastCheckedAt": "2024-01-15T10:30:00Z",
    "breakdown": {
      "mx": {
        "configured": true,
        "tlsSupported": true,
        "daneSupported": false
      },
      "spf": {
        "valid": true,
        "policy": "~all"
      },
      "dkim": {
        "configured": true,
        "validSelectors": 2,
        "totalSelectors": 2
      },
      "dmarc": {
        "valid": true,
        "policy": "quarantine",
        "reportingConfigured": true
      },
      "mtaSts": {
        "valid": true,
        "mode": "testing"
      },
      "tlsRpt": {
        "valid": true,
        "reportingConfigured": true
      },
      "bimi": {
        "configured": false,
        "logoValid": false
      },
      "dnssec": {
        "enabled": true,
        "valid": true
      }
    }
  }
}

Example

bash

curl -H "Authorization: Bearer ms_your_token" \
  https://app.mailshield.app/api/v1/domains/550e8400-e29b-41d4-a716-446655440000/score

Score Calculation

The score (0-100) varies based on the domain's usage type.

Score Grades

Grade	Score Range	Label
A	90-100	Excellent
B	80-89	Good
C	70-79	Fair
D	60-69	Poor
F	0-59	Critical

Sends and Receives (Standard)

For domains that both send and receive email:

Component	Points	Description
MX	10	Valid records + TLS support
SPF	15	Valid record + strict policy
DKIM	10	Valid selectors with strong keys
DMARC	25	Policy + reporting configured
MTA-STS	10	Valid policy in enforce mode
TLS-RPT	10	Reporting configured
BIMI	5	Valid logo
DNSSEC	10	Enabled and valid
DANE	5	TLSA records configured

Receives Only

For domains that only receive email:

Component	Points	Description
MX	15	Valid records + TLS
SPF	15	Must be `-all`
DMARC	20	Must be `p=reject`
MTA-STS	15	Valid policy
TLS-RPT	10	Reporting configured
DNSSEC	15	Enabled and valid
DANE	10	TLSA records

Sends Only

For domains that only send email:

Component	Points	Description
MX	10	For bounce handling
SPF	20	Critical for sending
DKIM	20	Strong keys required
DMARC	25	Policy + reporting
BIMI	10	Brand visibility
DNSSEC	15	DNS protection

Parked Domains

For parked domains (normalized to 100):

Component	Points	Description
MX	10	Null MX preferred
SPF	15	Must be `-all`
DMARC	25	Must be `p=reject`
DNSSEC	10	Enabled and valid

No Score Response

If no DNS checks have been run yet:

json

{
  "data": {
    "score": null,
    "grade": null,
    "label": "Not checked",
    "message": "No DNS checks have been run yet. Use POST /api/v1/domains/:id/checks to run checks.",
    "lastCheckedAt": null
  }
}

Security Score ​

Get Security Score ​

Path Parameters ​

Response ​

Example ​

Score Calculation ​

Score Grades ​

Sends and Receives (Standard) ​

Receives Only ​

Sends Only ​

Parked Domains ​

No Score Response ​