Reference
How the compliance grade (A–F) and scorecard work
What the per-domain compliance grade and 6-dimension scorecard measure, and the practical steps to improve them.
Every domain in Blankitt DMARC gets a compliance grade from A to F and a Compliance Scorecard, both shown on the domain's detail page. Together they give you a quick read on how healthy a domain's email authentication is and exactly where the gaps are.
The grade (A–F)
The grade is a single-letter summary of a domain's overall authentication posture, derived from its DNS configuration and the alignment results in its ingested reports. Think of it as the headline; the scorecard is the detail behind it.
- A — strong: enforced policy and legitimate senders consistently aligned.
- B–C — good foundations with gaps to close.
- D–F — weak or missing authentication, or a policy still at monitor-only with significant unaligned mail.
A high grade generally means you have an enforcing DMARC policy (quarantine or reject) and your real senders are passing alignment — not just that a record exists.
The Compliance Scorecard (6 dimensions, 0–100)
The scorecard breaks the picture into six dimensions, each scored 0–100, so you can see which area is dragging the grade down. The dimensions reflect the building blocks of DMARC health, for example: your DMARC policy strength, SPF configuration, DKIM signing, alignment of real mail, and supporting records. A low score in any one dimension points you straight at the work to do.
How to improve your grade — in priority order
- Publish and tune DMARC. Make sure _dmarc.yourdomain exists with a valid policy and a working rua= so reports flow in.
- Align your legitimate senders. This is the biggest lever. Use the Offenders page to find sources failing DMARC, identify the vendor, then:
  - add the sender to your SPF record (the domain detail page offers SPF flattening — a recursive include tree plus a flattened ip4/ip6 view — and flags SPF drift, which is re-checked automatically every day), and/or
  - enable DKIM signing for your domain on that platform and publish the selector (manage selectors on the domain detail page).
- Drive alignment percentages up. Watch the source-IP breakdown with alignment %; the goal is for all legitimate mail to be consistently aligned.
- Advance your policy. Once real mail is reliably aligned, use the Policy Progression Wizard (Monitor → Quarantine → Reject) to move from p=none to p=quarantine (optionally with a pct= ramp) and ultimately p=reject. An enforcing policy is what unlocks the top grades.
- Add the supporting records where relevant — BIMI (needs an enforced DMARC policy), and MTA-STS + TLSRPT for TLS enforcement and reporting — which strengthen the overall posture.
Example: an aligned, enforcing record
A domain scoring well typically has something like:
_dmarc.example.com. TXT "v=DMARC1; p=reject; rua=mailto:<token>@rua.blankitt.com; adkim=s; aspf=s"
How to track progress
After each change, give providers a day or two to send fresh reports (ingest is typically daily), then re-open the domain detail page. The grade and scorecard recalculate from the new data, so you can watch them climb as senders come into alignment and your policy hardens. The Policy Progression Wizard checklists tell you what's still standing between you and the next policy step.
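The source-IP breakdown with alignment % mentioned above can be reproduced from a raw aggregate report to cross-check progress between ingests. The following Python is an added example, not Blankitt's code or its grading logic; the sample report is constructed, and the function names and the min_percent threshold are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout (documentation IPs).
SAMPLE_REPORT = """<feedback>
<policy_published><domain>example.com</domain><p>none</p></policy_published>
<record><row><source_ip>192.0.2.10</source_ip><count>90</count>
<policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf>
</policy_evaluated></row></record>
<record><row><source_ip>192.0.2.10</source_ip><count>10</count>
<policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
</policy_evaluated></row></record>
<record><row><source_ip>198.51.100.7</source_ip><count>40</count>
<policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
</policy_evaluated></row></record>
<record><row><source_ip>203.0.113.5</source_ip><count>25</count>
<policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf>
</policy_evaluated></row></record>
</feedback>"""


def alignment_by_source(report_xml):
    """Return {source_ip: (aligned, total, percent_aligned)} for one report."""
    # Reports are sent by third parties, so this is untrusted XML: in production
    # parse it with a hardened parser such as defusedxml, not plain ElementTree.
    counts = defaultdict(lambda: [0, 0])
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip")
        n = int(row.findtext("count"))
        # policy_evaluated carries the aligned results; DMARC passes if either does.
        results = (row.findtext("policy_evaluated/dkim"),
                   row.findtext("policy_evaluated/spf"))
        counts[ip][1] += n
        if "pass" in results:
            counts[ip][0] += n
    return {ip: (a, t, round(100.0 * a / t, 1) if t else 0.0)
            for ip, (a, t) in counts.items()}


def sources_to_fix(report_xml, min_percent=100.0):
    """Source IPs below min_percent (assumed threshold), most unaligned mail first."""
    stats = alignment_by_source(report_xml)
    failing = [(ip, t - a) for ip, (a, t, pct) in stats.items() if pct < min_percent]
    return [ip for ip, _ in sorted(failing, key=lambda item: -item[1])]


if __name__ == "__main__":
    for ip, (a, t, pct) in alignment_by_source(SAMPLE_REPORT).items():
        print(f"{ip}: {a}/{t} aligned ({pct}%)")
    print("fix first:", sources_to_fix(SAMPLE_REPORT))
```

A source that appears here with low alignment may be a legitimate vendor that still needs SPF or DKIM set up, or an impostor; identify it before changing any record.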
Remember what the grade does not measure
DMARC is about authentication only — it has nothing to do with spam or content filtering. A strong grade means mail genuinely from you authenticates correctly and impostors get blocked; it is not a deliverability or inbox-placement score.