Example Data Table
| Domain | Age (y) | HTTPS | SPF/DKIM/DMARC | Blacklist | TLS | Uptime | Resp (ms) |
|---|---|---|---|---|---|---|---|
| example.com | 5.0 | Yes | Yes/Yes/No | 0 | A | 99.5% | 420 |
| new-site.test | 0.3 | Yes | No/No/No | 1 | B | 96.0% | 1200 |
| flagged-domain.test | 1.2 | No | No/No/No | 4 | NA | 92.0% | 2400 |
Use this table as a template for collecting internal review inputs.
Formula Used
The calculator converts each signal into a normalized value between 0 and 1, then combines them using weights that you control. Weights are automatically normalized so their total equals 1.
Examples of signal normalization: the blacklist cleanliness score decreases as hits increase, the uptime score rises sharply above 90%, and the response time score is higher when latency is lower.
This scoring model supports comparisons and prioritization; it is not a definitive verdict.
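The normalize-then-weight calculation described above, as an added example that is not the calculator's own code. The normalization curves, the TLS grade values, the sample weights, and the confidence definition (share of total weight covered by supplied inputs) are assumptions, since the page does not give them.

```python
import math

# Assumed values for TLS grades; the page lists A, B and NA but not their scores.
TLS_GRADE = {"A": 1.0, "B": 0.75, "NA": 0.0}

def normalize(raw):
    """Map raw inputs to 0..1 signals. Curves are illustrative assumptions."""
    s = {}
    if "age_years" in raw:       # older domains approach 1
        s["age"] = 1 - math.exp(-raw["age_years"] / 2)
    if "https" in raw:
        s["https"] = 1.0 if raw["https"] else 0.0
    if "email_auth" in raw:      # average of SPF, DKIM, DMARC (as the page states)
        s["email_auth"] = sum(raw["email_auth"]) / 3
    if "blacklist_hits" in raw:  # cleanliness decreases as hits increase
        s["blacklist"] = 1 / (1 + raw["blacklist_hits"])
    if "tls" in raw:
        s["tls"] = TLS_GRADE.get(raw["tls"], 0.0)
    if "uptime_pct" in raw:      # zero at or below 90%, steep rise above it
        s["uptime"] = min(1.0, max(0.0, (raw["uptime_pct"] - 90) / 10) ** 0.5)
    if "resp_ms" in raw:         # lower latency scores higher
        s["response"] = 1 / (1 + raw["resp_ms"] / 1000)
    return s

def trust_score(raw, weights):
    """Return (score, confidence), both in 0..1; score is None with no usable input."""
    total = sum(weights.values())
    if any(w < 0 for w in weights.values()) or total <= 0:
        raise ValueError("weights must be non-negative with a positive total")
    norm_w = {k: w / total for k, w in weights.items()}  # weights now sum to 1
    signals = {k: v for k, v in normalize(raw).items() if k in norm_w}
    covered = sum(norm_w[k] for k in signals)  # share of weight backed by data
    if covered == 0:
        return None, 0.0
    return sum(norm_w[k] * v for k, v in signals.items()) / covered, covered

# Rows taken from the example table; the weights are constructed for illustration.
ROWS = {
    "example.com": dict(age_years=5.0, https=True, email_auth=(1, 1, 0),
                        blacklist_hits=0, tls="A", uptime_pct=99.5, resp_ms=420),
    "new-site.test": dict(age_years=0.3, https=True, email_auth=(0, 0, 0),
                          blacklist_hits=1, tls="B", uptime_pct=96.0, resp_ms=1200),
    "flagged-domain.test": dict(age_years=1.2, https=False, email_auth=(0, 0, 0),
                                blacklist_hits=4, tls="NA", uptime_pct=92.0, resp_ms=2400),
}
WEIGHTS = dict(age=2, https=1, email_auth=2, blacklist=3, tls=1, uptime=1, response=1)

if __name__ == "__main__":
    for domain, raw in ROWS.items():
        score, conf = trust_score(raw, WEIGHTS)
        print(f"{domain:22} score={score:.2f} confidence={conf:.2f}")
```

Because the weights are divided by their total, scaling every weight by the same factor leaves the score unchanged; a record with only some inputs is scored over the weights it covers and reports a confidence below 1.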
How to Use This Calculator
- Enter the domain and fill in the security signals you have available.
- Adjust weights to match your environment (e.g., stricter on blacklists for email-heavy workflows).
- Click Calculate Trust Score to view the result above the form.
- Download CSV for spreadsheets or PDF for audit-ready documentation.
- For a “Caution” or “High Risk” result, perform deeper checks before interacting with the domain.
Signal coverage and why it matters
Trust decisions improve when you aggregate multiple indicators instead of relying on a single scan. This calculator blends registration maturity, transport security, and reputation signals into one score. The highest value comes from consistency: a domain that is older, stable, and clean across checks is less likely to be disposable infrastructure. When you only have partial inputs, the confidence value highlights that limitation so teams can request evidence.
Reputation indicators and exposure risk
Blacklist hits, malware flags, and phishing associations are treated as high-impact because they correlate with immediate harm: credential theft, payload delivery, and abuse campaigns. Even one hit can be meaningful if it is recent and repeated. Use the blacklist field to represent the number of reputable sources that list the domain or its IP. If you track time windows, keep a separate note for “last seen” to help distinguish old residue from active abuse.
Email authentication as a practical trust proxy
SPF, DKIM, and DMARC reduce spoofing and support better handling of suspicious messages. In many environments, domains with incomplete policies show higher rates of impersonation attempts. This calculator averages these three controls to create an email-auth score, which can be up-weighted for organizations where email is a primary attack path. Pair the result with user training and quarantine rules for stronger outcomes.
Performance, uptime, and operational legitimacy
Availability and responsiveness do not guarantee safety, but they often separate established services from short-lived sites. Higher uptime and faster response times suggest maintained infrastructure and monitoring. For internal allowlists, set a minimum uptime threshold and increase the uptime weight to penalize unstable endpoints. If your context includes APIs, response time can be a useful indicator of overloaded or misconfigured systems.
Weight tuning and audit-ready reporting
The most defensible score is the one aligned with your threat model. Financial workflows may prioritize TLS and headers; helpdesk processes may emphasize phishing history; brand protection may elevate domain age and email controls. Because weights are normalized, increasing one reduces the influence of others, preserving interpretability. Use the CSV export to build trend lines, and the PDF export to attach evidence to tickets, vendor assessments, and post-incident reviews.
FAQs
1) Is a high trust score a guarantee that a domain is safe?
No. It is a prioritization signal based on the inputs you provide. Always validate with live scanning, content review, and business context before high-risk actions.
2) Why does a malware or phishing flag reduce the score so much?
Those flags indicate direct harm potential. The model treats them as high-impact to reflect real-world incident response, where a single confirmed flag often triggers blocking.
3) What should I enter for blacklist hits?
Use the count of reputable blocklists or intelligence sources that list the domain or its infrastructure. If you only have one source, enter 1 and add notes externally.
4) How do weight controls change the calculation?
Weights express importance. The calculator normalizes them, then multiplies each signal by its weight and sums the results. This keeps the score comparable after tuning.
5) Why is WHOIS privacy included?
Privacy can be legitimate for individuals and small teams, but it can also reduce accountability. The weight lets you decide how much that factor matters in your environment.
6) Can I use this score for vendor approvals?
Use it as a screening layer, not the final decision. Combine the exported report with vendor security questionnaires, contract requirements, and independent technical verification.