Your email is the front door
attackers spoof first.
Averrow grades your SPF, DKIM, DMARC, and MX configuration on an A+ through F scale — then tells you exactly which gap an attacker would exploit first, and folds the result straight into your composite Brand Exposure Score.
An unprotected inbox is an open impersonation channel
Every brand-impersonation program eventually runs through email. Attackers don’t need to breach anything to send a message that looks like it came from your domain — they just need your SPF, DKIM, and DMARC configuration to have a gap. Most companies have never checked whether one exists.
Brand-protection platforms typically watch the outside world for impersonation — lookalike domains, fake social profiles, phishing pages. Far fewer check whether the brand itself has left its own front door unlocked. Averrow does both: external detection feeds by Sentinel, plus a standing grade on your own email authentication posture.
Four checks, one composite grade
Confirms a Sender Policy Framework record exists, resolves cleanly, and doesn’t exceed the DNS lookup limits that silently break enforcement.
Checks 12+ enterprise DKIM selectors spanning the major mailbox and gateway providers — not just the single default selector most tools stop at — so a secondary provider gap doesn’t hide behind a passing primary one.
Reads the DMARC record and evaluates the actual enforcement policy — none, quarantine, or reject — because a monitor-only DMARC record provides visibility, not protection.
Identifies the mail provider behind the domain (Google Workspace, Microsoft 365, and other major providers) and scores against that provider’s own conventions instead of a one-size-fits-all rule.
The A+ through F scale
Every check rolls into a single letter grade so the posture is readable at a glance — and so the underlying gap is never more than one click away.
The grade knows who’s behind your inbox
A generic checker penalizes a domain for not matching a rule that never applied to its provider in the first place. Averrow’s engine recognizes the mail provider first, then grades against that provider’s own authentication conventions.
Detected via MX and DKIM selector pattern; scoring accounts for Google's default alignment behavior so a compliant Workspace domain isn't penalized for provider defaults.
Detected via MX and Microsoft-pattern DKIM selectors; scoring reflects Microsoft's own SPF/DKIM conventions rather than treating them as generic anomalies.
Recognized as a secure email gateway layered in front of the primary provider — scored as an added control, not confused with the underlying mailbox provider.
Same gateway-aware treatment as Proofpoint — the engine distinguishes “no protection” from “protection sitting in front of a compliant mailbox provider.”
One grade, folded into the whole picture
The email grade doesn’t live in isolation. It’s one input the agent mesh reasons over alongside active threats, lookalike domains, and social impersonation to produce a single composite Brand Exposure Score — and a natural-language explanation of why the number is what it is.
Most brand-protection platforms watch for impersonation from the outside but provide little to no insight into your own email authentication posture — the gap that makes impersonation land in the first place.
Find out what your email grade actually is.
Run a free exposure scan in under five minutes — no signup, no credit card.