Scout Documentation

Overview

Scout assesses a domain's email security posture and converts disparate data points into a concise risk snapshot in an easy-to-understand interface. Quickly identify potential email stability issues and address the configurations that let you better protect your brand, and those who trust it, against cyber-enabled fraud.

Designed for low friction: Enter a domain and receive a unified view of SPF / DKIM / DMARC / PTR plus lightweight infrastructure context. No account needed.

  • Unified risk score (0–100%) plus a concise /10 badge for quick review.
  • Per-record validation with targeted explanations and remediation cues.
  • Infrastructure context: shared vs dedicated classification and provider trust indicators.
  • Detection of duplicate include: mechanisms to reduce SPF lookup pressure.
  • Simple JSON API for automation and monitoring workflows.

Quick Start

  1. Enter a domain (e.g., example.org).
  2. Review the score and gradient bar for an initial posture assessment.
  3. Expand SPF / DKIM / DMARC panels to view pass / fail details with supporting evidence.
  4. Address red (critical) findings first, then amber warnings (lookup usage, weak policies, etc.).
  5. Allow DNS changes to propagate, then re-run the scan to verify remediation.

Need guidance? Trying to solve a specific security-related problem? Maybe you're trying to tackle malicious, fraud-related spoofing? We can assist! help@certra.co.za

Core Concepts

Risk Scoring

The score combines record correctness, policy strictness, structural health (lookup count, duplication), and infrastructure hygiene context. A higher score indicates reduced residual risk and more stable deliverability.

  • 90–100: Strong posture—maintain monitoring and incremental hardening.
  • 70–89: Functional baseline—prioritize closing enforcement and efficiency gaps.
  • <70: Elevated exposure—resolve fundamental misconfigurations promptly.

Section Status

Each section exposes a status: Green indicates configuration is sound; Red signals material defects. Amber highlights transitional or capacity conditions (e.g., nearing the SPF 10 lookup threshold).
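The lookup pressure behind an amber SPF status can be reproduced offline. The following is an added example, not Scout's own code: it counts lookup-costing SPF terms recursively and reports include targets reached more than once. The `ZONE` records, the `amber_at` threshold and the status mapping are assumptions made for illustration.

```python
import re

LOOKUP_LIMIT = 10  # SPF's limit on DNS-querying terms per evaluation

# Constructed SPF records standing in for live DNS answers.
ZONE = {
    "example.org": "v=spf1 include:_spf.mail.example include:_spf.crm.example mx a -all",
    "_spf.mail.example": "v=spf1 include:_netblocks.mail.example ip4:192.0.2.0/24 ~all",
    "_spf.crm.example": "v=spf1 include:_netblocks.mail.example exists:%{i}.bl.example ~all",
    "_netblocks.mail.example": "v=spf1 ip4:198.51.100.0/24 ~all",
}

# Terms that trigger a DNS query: include, a, mx, ptr, exists and the redirect modifier.
TERM = re.compile(r"[+\-~?]?(include|exists|redirect|ptr|mx|a)(?:[:=]([^/]+))?(?:/.*)?", re.I)

def lookup_terms(record):
    """Yield (kind, target) for every term that costs a DNS lookup."""
    for term in record.split()[1:]:
        m = TERM.fullmatch(term)
        if m:
            yield m.group(1).lower(), (m.group(2) or "").lower()

def audit(domain, zone=ZONE, amber_at=8):
    """Count lookups recursively and list include targets hit more than once."""
    count, visited = 0, []

    def walk(name):
        nonlocal count
        for kind, target in lookup_terms(zone.get(name, "v=spf1")):
            count += 1
            if count > LOOKUP_LIMIT:
                return  # evaluation has already failed; this also stops include loops
            if kind in ("include", "redirect"):
                visited.append(target)
                walk(target)

    walk(domain)
    duplicates = sorted({t for t in visited if visited.count(t) > 1})
    if count > LOOKUP_LIMIT:
        status = "red"      # assumed mapping: over the limit
    elif count >= amber_at or duplicates:
        status = "amber"    # assumed mapping: near the limit or wasting lookups
    else:
        status = "green"
    return {"lookups": count, "duplicates": duplicates, "status": status}
```

In the constructed zone, `_netblocks.mail.example` is pulled in by two different includes and is charged twice, which is the waste that duplicate detection is meant to surface.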

Infrastructure Findings

Infrastructure findings surface patterns (extensive shared hosting, higher-risk providers, consolidation of services) that may warrant broader platform adjustments beyond record edits.

Spoofability Grading

The Spoofability Grading evaluates how easily a domain can be impersonated in email attacks. It combines the strength of your SPF, DKIM, and DMARC configurations into a single grade that indicates your domain's resilience against spoofing.

This assessment appears automatically when the upstream analysis includes spoof-risk data. If it is not shown, the data was not available for the scanned domain at the time of the scan.

Grade Scale

| Grade | Rating | Meaning |
|---|---|---|
| 1–2 | Reliably Not Spoofable | Strong protections in place. SPF, DKIM, and DMARC are correctly configured and enforcing, making it very difficult for attackers to send email as your domain. |
| 3–4 | Moderate Risk | Some protections present but gaps exist. For example, DMARC may be set to p=none (monitoring only), or SPF uses a soft-fail qualifier. Attackers may succeed in certain scenarios. |
| 5+ | Easily Spoofable | The domain lacks meaningful protections. Missing DMARC, permissive SPF (+all), or absent DKIM leave the door wide open for impersonation. |

Contributing Factors

The grade is derived from several factors that are individually assessed and displayed when you click through to the detail view:

  • SPF Valid — Whether a syntactically correct SPF record exists.
  • SPF Qualifier — The all mechanism qualifier: -all (hardfail) is strongest, ~all (softfail) is acceptable, +all is critically dangerous.
  • SPF Effective — Whether SPF is functionally protecting the domain (not exceeding lookup limits, no conflicting records).
  • SPF Permissive — Flags overly broad SPF records that authorize too many senders.
  • DKIM Valid — Whether a valid DKIM signing configuration was detected.
  • DMARC Policy — The DMARC policy in effect: reject or quarantine provide protection; none provides only monitoring.
  • DMARC Percentage — The pct tag controlling what percentage of messages the DMARC policy applies to. 100% is recommended.
  • Has DMARC — Whether a DMARC record exists at all.

Critical: An SPF record with +all permits any server to send as your domain. This completely negates SPF protection and undermines DMARC enforcement, making the domain trivially spoofable regardless of other configurations.
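Several of the factors above can be read directly from published TXT records. The following is an added example, not Scout's own code or grading logic: it extracts the SPF qualifier, the +all condition, the DMARC policy and pct from record strings and lists the resulting weaknesses. The function names and sample records are constructed, and "valid" is simplified to "exactly one v=spf1 record".

```python
import re

def spf_factors(txt_records):
    """Factors from the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # none published, or conflicting duplicates
        return {"valid": False, "qualifier": None, "permissive": False}
    qualifier = None
    for term in spf[0].split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            qualifier = m.group(1) or "+"  # a bare "all" means "+all"
            break
    return {"valid": True, "qualifier": qualifier, "permissive": qualifier == "+"}

def dmarc_factors(txt_records):
    """Factors from the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return {"has_dmarc": False, "policy": None, "pct": None}
    tags = {k.strip().lower(): v.strip()
            for k, v in (p.split("=", 1) for p in dmarc[0].split(";") if "=" in p)}
    pct = tags.get("pct", "100")  # pct defaults to 100 when the tag is absent
    return {"has_dmarc": True, "policy": tags.get("p", "").lower() or None,
            "pct": int(pct) if pct.isdigit() else 100}

def findings(spf_txt, dmarc_txt):
    """List the weaknesses named in the factor list above."""
    s, d, out = spf_factors(spf_txt), dmarc_factors(dmarc_txt), []
    if not s["valid"]:
        out.append("no single valid SPF record")
    elif s["permissive"]:
        out.append("SPF +all authorizes any sender")
    elif s["qualifier"] != "-":
        out.append("SPF has no hardfail (-all)")
    if not d["has_dmarc"]:
        out.append("no DMARC record")
    elif d["policy"] not in ("quarantine", "reject"):
        out.append("DMARC policy is monitoring only")
    elif d["pct"] < 100:
        out.append("DMARC pct below 100")
    return out

# Constructed sample records: (TXT at the domain, TXT at _dmarc.<domain>)
STRONG = (["v=spf1 include:_spf.example.net -all"], ["v=DMARC1; p=reject; pct=100"])
WEAK = (["v=spf1 ip4:192.0.2.0/24 ~all"], ["v=DMARC1; p=none"])
OPEN = (["v=spf1 +all"], [])
```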

Need help improving your spoofability grade? We can guide you through enforcement. help@certra.co.za

Visually Similar Domain Scanning

The visually similar domain scan enumerates domains that are visually or typographically similar to your original domain. This helps identify potential phishing, brand impersonation, or typo-squatting risks that could impact your organization or users.

Why it matters: Attackers often register lookalike domains to trick users, intercept email, or impersonate brands. Early detection enables proactive defense and takedown.

Badges

  • The original domain is always shown at the top of the results, clearly marked with an original badge.
  • Each similar domain is checked for key risk indicators:
    • Email — Whether the domain is configured to handle email (has functional MX records).
    • Newly Registered (<30d) — Domains registered in the last 30 days are flagged as high risk.
    • Recently Registered (<90d) — Domains registered in the last 90 days are flagged as medium risk.
    • new — Domains not seen in your previous scans are highlighted for attention.
    • Suspicious — Domains generated by a homoglyph finding (visually deceptive character swaps) are flagged as suspicious.
    • Subdomain — Indicates a subdomain of a likely unrelated domain. These are often false positives due to domain registrars using wildcard DNS to redirect traffic to their own site.
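The badge rules above can be expressed as a small triage function for domains a scan has already returned. The following is an added example, not Scout's own code: the `obs` dictionary layout, the `FOLD` table and the mixed-script check are assumptions, domains are expected in Unicode form, and the Subdomain badge is not covered.

```python
import unicodedata
from datetime import date

# Constructed, deliberately small Cyrillic-to-Latin fold table for the example;
# production scanners rely on Unicode's full confusables data instead.
FOLD = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def mixed_script(domain):
    """True if any single label mixes scripts, e.g. Latin with Cyrillic."""
    for label in domain.split("."):
        scripts = {unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in label if ch.isalpha()}
        if len(scripts) > 1:
            return True
    return False

def is_homoglyph(candidate, original):
    """True if folding look-alike characters turns candidate into original."""
    folded = "".join(FOLD.get(ch, ch) for ch in candidate.lower())
    return candidate.lower() != original and folded == original

def badges(obs, original, seen_before, today):
    """obs: {'domain', 'has_mx', 'registered' (date or None)} -> list of badges."""
    if obs["domain"] == original:
        return ["original"]
    out = []
    if obs["has_mx"]:
        out.append("Email")
    if obs["registered"] is not None:  # registration date may be unavailable
        age = (today - obs["registered"]).days
        if age < 30:
            out.append("Newly Registered (<30d)")
        elif age < 90:
            out.append("Recently Registered (<90d)")
    if obs["domain"] not in seen_before:
        out.append("new")
    if is_homoglyph(obs["domain"], original) or mixed_script(obs["domain"]):
        out.append("Suspicious")
    return out
```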

For advanced monitoring or takedown support, contact us: help@certra.co.za

Glossary

| Term | Definition |
|---|---|
| SPF | Sender Policy Framework: Enumerates authorized outbound sources for the domain. |
| DKIM | DomainKeys Identified Mail: Cryptographic signing enabling integrity verification. |
| DMARC | Domain-based Message Authentication, Reporting, and Conformance: Alignment and policy layer ensuring SPF/DKIM match the visible From domain and enabling reporting. |
| PTR | DNS Pointer record: Reverse DNS mapping of an IP address to a hostname. Clarity here supports trust and filtering decisions and could affect email delivery reliability. |
| SPF Lookup Limit | SPF has a hard limit of 10 DNS lookups across the mechanisms that trigger them; exceeding this invalidates evaluation. |
| Spoofability Grade | A composite rating (1–5+) reflecting how easily a domain can be impersonated via email, derived from SPF, DKIM, and DMARC strength. |
| +all | An SPF mechanism that permits any server to send email for the domain. Considered a critical misconfiguration that undermines all email authentication. |
| Suspicious Homoglyph | Characters that look alike but are different Unicode code points, used to create deceptive domains. Domains with this finding are flagged as suspicious. |
| MX Record | Mail Exchange record; DNS entry specifying mail servers for a domain. |
| Phishing | Fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity via email or websites. |
| Typo-squatting | Registering misspelled versions of popular domains to capture traffic or deceive users. |

Interested in continuous monitoring or progressing enforcement? Contact us. help@certra.co.za