What exactly is the Confidence Factor℠?


What is the method/logic behind //email/testTo: ("TestReceiver") testing? What is actually done to arrive at the Confidence Factor℠? Asking because we are using CheckTLS.com as part of our corporate security policy for vendor and customer email.


If you run //email/testTo: ("TestReceiver") with Output Format set to Detail, you will see the raw data that we use to compute the ConfidenceFactor.

From a high level, the ConfidenceFactor is a measure of the security of each MX weighted by the likelihood of the MX being used.

For example, with an MX, a strong SSL/TLS version counts more than a strong cipher. And for the weighting, a weak MX down in a list of MXs doesn't hurt as much as a weak MX near the top.

While the actual formula is proprietary, it works like this:

First we score each MX by looking at:

  • the version of SSL/TLS used
  • the cipher strength
  • MTASTS (if tested)
  • DANE (if tested)
  • certificate validity, bit-ness, and name match

Then the MX scores are combined into the single ConfidenceFactor using a weighted average based on the MX's Preference (from DNS) and whether it connected (tempered by the IgnoreNoConnect option).
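
The two-step scoring described above can be sketched as follows. This is an added illustration, not CheckTLS's proprietary formula: the factor weights, the halving of weight per preference step, the 0-100 scale, the reading of IgnoreNoConnect as "drop MXs that did not connect", and the host names are all assumptions.

```python
from dataclasses import dataclass, field

# Assumed factor weights (not CheckTLS values); version outweighs cipher, per the text.
FACTOR_WEIGHTS = {"tls_version": 4, "cipher": 2, "certificate": 3, "mtasts": 1, "dane": 1}

@dataclass
class MX:
    host: str
    preference: int   # DNS MX preference; lower is tried first
    connected: bool
    factors: dict = field(default_factory=dict)  # name -> 0.0..1.0, None = not tested

def mx_score(mx):
    """Weighted mean over the factors that were tested; 0.0 if the MX never connected."""
    if not mx.connected:
        return 0.0
    tested = {k: v for k, v in mx.factors.items() if v is not None}
    total = sum(FACTOR_WEIGHTS[k] for k in tested)
    return sum(FACTOR_WEIGHTS[k] * v for k, v in tested.items()) / total if total else 0.0

def confidence_factor(mxs, ignore_no_connect=False):
    """Preference-weighted average of MX scores on an assumed 0-100 scale."""
    if ignore_no_connect:  # assumed reading of the option: drop MXs that did not connect
        mxs = [m for m in mxs if m.connected]
    if not mxs:
        return 0
    prefs = sorted({m.preference for m in mxs})
    # Assumed decay: each step down the preference order halves the weight.
    weights = [0.5 ** prefs.index(m.preference) for m in mxs]
    return round(100 * sum(w * mx_score(m) for w, m in zip(weights, mxs)) / sum(weights))

# Constructed sample data (hypothetical hosts).
STRONG = {"tls_version": 1.0, "cipher": 1.0, "certificate": 1.0, "mtasts": None, "dane": None}
WEAK = {"tls_version": 0.2, "cipher": 0.5, "certificate": 0.0, "mtasts": None, "dane": None}

def sample(strong_pref, weak_pref):
    return [MX("mx-strong.example.com", strong_pref, True, STRONG),
            MX("mx-weak.example.com", weak_pref, True, WEAK)]

if __name__ == "__main__":
    print("weak MX last: ", confidence_factor(sample(10, 20)))
    print("weak MX first:", confidence_factor(sample(20, 10)))
```

With these assumed weights, the same two servers give a noticeably lower result when the weak MX has the better preference, which is the ordering effect the answer describes.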