Methodology

We compute a five‑axis score (SPF/DKIM/DMARC/Alignment/One‑Click) and normalize a proof JSON (sorted keys, LF, UTC) which is hashed with sha256. Verification never triggers unsubscribe endpoints; One‑Click checks are syntax‑only.

Weights

SPF: 0–20 (≤10 DNS lookups; >8 warns)
DKIM: 0–20 (2048 bits recommended)
DMARC: 0–30 (none → quarantine → reject)
Alignment: 0–20 (relaxed/strict per org domain)
List‑Unsubscribe: 0–10 (RFC 2369 + RFC 8058)

Developers can use /developers (OpenAPI for /api/audit and/api/verify) and inspect a live proof at /scan/d3f4cedcab12abcd.