Why Is My DKIM Grade a C When I Have No Findings? Jessica Risk vector grades are based on evidence of preventative implementations and/or the presence of vulnerabilities in a company’s infrastructure. When we have insufficient data to use as evidence, we assign a default risk vector grade. The threshold on what causes a default grade to be used varies by risk vector. In the case of the DKIM risk vector, a default grade of C is assigned if there are no findings (or only Neutral findings). Why Do I Need DKIM Findings? Without DKIM records, we cannot verify that a company is effectively preventing email from being spoofed from its domains. This is set in the center of the grading scale for computing into security ratings. An F grade is also assigned if a company's performance in the risk vector being in the top 60% of all companies in the Bitsight inventory. If there are no findings and we are temporarily unable to collect data, the most recent grade is assigned for up to 400 days before being assigned the default grade. If the most recent grade is lower than the default grade, the default grade is assigned. Resources DKIM Risk Vector Risk Vector Grading with Insufficient Data November 18, 2024: Published. Related articles How is the Desktop Software Risk Vector Assessed? DKIM Records Risk Vector Risk Vector Grading with Insufficient Data Why Is My SPF Domains Grade an F When I Have No Findings? Remediation Verification: DKIM Records Feedback 0 comments Please sign in to leave a comment.