Known Issues & Methodology
DKIM Selector Coverage
We check 12 common DKIM selectors (google, default, selector1/2, dkim, mail, k1, mandrill, smtpapi, cm, s1, s2). Custom selectors used by some institutions may not be detected, resulting in a lower authentication score.
DNS Resolution Delays
Some government domains use DNS servers with slow response times. DNS lookups may time out during the scan (20s limit), causing those domains to show incomplete results.
Responsiveness Metrics (Phase 2)
Future metrics will include: Email Response Rate, First Response Time, Same-Day Response Rate, Resolution Rate, and Meaningful Response Rate. These require sending test emails and tracking responses over multiple cycles.
DMARC Policy Adoption
Many Ghanaian institutions have DMARC set to "none" (monitoring only) or have no DMARC at all. This means anyone can send emails pretending to be from their domain — a serious phishing risk.
Scoring Methodology
Scores weighted: Infrastructure 30% (MX records, redundancy, providers), Authentication 40% (SPF, DKIM, DMARC existence & policy), Security & Policy 30% (DMARC enforcement, reporting, alignment). Same methodology as MxToolbox, DMARCLY, and Red Sift Investigate.
Phase 2 Metrics (Planned): Response Rate, First Response Time, Same-Day Response Rate, Resolution Rate, Meaningful Response Rate, Bounce Rate, Contact Validity, Office Hours Response Rate, SLA Compliance. These require sending test emails to institutions and tracking responses over multiple cycles.