
What's new in SecRift 1.1
SecRift 1.1 adds four new checks to every scan and sharpens how we grade - so one scan covers more of your domain's external surface, and the score reflects real risk more honestly.
Since launch we've been widening what a single scan can tell you and tightening how those findings become a grade. SecRift 1.1 is the result: four new checks join every scan, the scoring is reweighted to match real-world risk, and rescanning now shows whether your posture is moving in the right direction. Here's what changed.
Four new checks in every scan
Each of these runs automatically on every scan. Every one links to a full write-up if you want the detail behind the finding.
- MX - the records that decide where your mail is delivered. SecRift confirms your domain publishes valid, reachable mail servers and flags the misconfigurations that quietly break inbound email. See what MX is and why it matters.
- SMTP TLS - rather than only reading DNS, SecRift connects to your receiving mail servers the way a sender would and checks that they negotiate TLS with a trusted, valid certificate. That's the difference between TLS being configured and TLS actually working. Read how SMTP TLS is tested.
- security.txt - the RFC 9116 standard that tells researchers how to report a vulnerability to you. SecRift checks whether your
security.txtexists, is well-formed, and hasn't expired. Read what security.txt is. - BIMI - the standard that puts your verified logo next to authenticated mail in supporting inboxes. SecRift validates the record, the logo, and the certificate, and confirms the DMARC enforcement it depends on. Read how BIMI works.
Grading that reflects real risk
We reworked how findings roll up into your score. The weight behind each check was recalculated so the grade leans on the things that actually change your exposure, instead of treating every finding as equal.
We also closed a gap in the math: a domain that publishes nothing to protect itself no longer earns points for doing nothing. An empty configuration now grades as an empty configuration - the score you see is a truer read of where a domain actually stands.
See whether you're improving

Security work is iterative, so the report now gives you a reference point. When you rescan a domain, SecRift compares the result to your previous scan and tells you whether your posture got better or worse - not just that something changed. Fix a finding, rescan, and the report confirms the grade moved in the right direction.
More on the way
This release continues the plan from day one: keep expanding the checks and the tooling behind them. There's more coming - additional checks, deeper analysis, and reporting that helps you act faster on what a scan surfaces.
Run a free scan on any domain at secrift.com and see the new checks in action.

