EnforceLayer

Why 90+ Means Full Enforcement

Our scoring model is built around enforcement standards — not basic DNS presence checks.

Most domains have SPF. Many have DMARC. Few operate at full enforcement level.

Scoring Model v1.0 — Deterministic & Audit-Ready
Last Updated: February 16, 2025

Run a Free Scan

Presence Is Not Protection

Most tools check presence, not enforcement. A domain with DMARC p=none is often scored as "good". Relaxed alignment is rarely penalized. Missing reporting visibility is ignored.

  • SPF alone does not prevent spoofing
  • DMARC monitoring mode is not enforcement
  • Relaxed alignment allows edge-case abuse
  • Missing aggregate reports reduce visibility

How EnforceLayer Calculates Enforcement

Our score is built from five weighted components that reflect real enforcement posture.

  • DMARC Enforcement40 pts
  • DKIM Integrity25 pts
  • SPF Structural Health20 pts
  • BIMI Brand Authentication5 pts
  • Reporting Visibility10 pts

Scoring Model v1.0 — fully deterministic and audit-ready.

What a Score of 75 Really Indicates

75 is not failure. It indicates enforcement gaps — such as partial alignment, incomplete reporting visibility, or monitoring-mode DMARC policies. The domain functions, but does not meet enforcement-grade standards.

Typical gaps at 75: pct < 100, relaxed alignment, incomplete reporting (no ruf), DKIM selector uncertainty, structural SPF complexity. Even global brands often operate below full enforcement best practices.

Operational does not mean enforced.

Enforcement Levels Explained

Fully Enforced (90–100)

Benchmark Tier

Meets strict alignment, full enforcement, complete reporting visibility, and stable authentication structure.

  • Strict alignment
  • pct=100
  • Full reporting
  • Stable SPF
  • Verified DKIM

Enforcement Gap (75–89)

  • Enforcement gaps remain
  • Monitoring or relaxed alignment
  • Incomplete reporting visibility

Weak Enforcement (50–74)

  • Significant enforcement weaknesses
  • Structural risk
  • Limited reporting

Unprotected (<50)

  • Spoofing exposure
  • High delivery instability

Why 90+ Is the Benchmark

Major providers increasingly require strict alignment. Enforcement drift increases business risk. Alignment gaps create attack surface. Monitoring-only DMARC is not policy enforcement.

EnforceLayer does not measure configuration. We measure enforcement.

DNS configuration is easy. Enforcement discipline is rare. That is what we measure.

Scan Your Domain