ThreatScope Check Visible trust signals for the public internet

TrustSurface-informed public utility

Inspect a domain’s visible trust posture.

A public-interest R&D tool for interpreting observable digital trust signals.

Evidence-led checks across email trust, web delivery, DNS hygiene, and registration visibility.

Live checks Privacy-first request flow Cloudflare DNS RDAP

From signals to findings

Digital trust is often judged from the outside in. ThreatScope Check starts with what is visible, reads those signals carefully, and returns clear findings without overclaiming.

Model diagram

The result is a TrustSurface-informed reading of observable trust signals - useful for quick assessment, clearer decisions, and more honest conversations about digital trust.

Run a check

Inspect a domain’s visible trust signals.

Run a live check across email trust, web delivery, DNS hygiene, and registration visibility to see how a domain presents from the outside in.

public alpha
Try an example

What is checked

  • Email trust MX, SPF, DMARC, DKIM
  • Web delivery HTTPS and security headers
  • DNS hygiene Nameservers, CAA, DS
  • Registration visibility RDAP where available

These are the public-facing signals most commonly used by customers, partners, researchers, and attackers to assess credibility.

What you receive

  • Fast summaryWhat matters most, first
  • Prioritised findingsClear, defensiblenext steps
  • Evidence and sourcesSignals with provenance
  • Coverage notesLimits and gaps made clear

This is a public-facing reading of visible trust signals, not a full audit, internal assessment, or vulnerability scan.

Guide

How to use the check

1. Run the check

The checks are live and usually complete within a few seconds.

2. Start with Summary

This is the fastest way to see what matters most, what may be noise, and what to review next.

3. Explore the detail if needed

Move into Findings, Signals, and Evidence when you want the supporting technical detail behind the result.

4. Keep the limits in mind

This is a public-facing check of visible trust signals, not a full audit or internal security assessment.

Snapshot results

Your result will appear here.

Start with the Summary tab. It gives you the overall posture, the most important findings, and the next actions worth considering before you move into evidence or lower-level detail.

Signals of good digital trust

  • Clear identity - easy to verify
  • Secure delivery - protections are in place
  • Active governance - maintained and monitored
  • Honest transparency - limits are made clear

About

What ThreatScope Check is

ThreatScope Check is a public-interest R&D tool for examining the visible trust posture of a domain.

It focuses on public-facing signals that can be inspected from the outside: the kinds of indicators that shape whether a digital presence appears well governed, credible, and technically cared for. These are the same signals that customers, partners, researchers, and attackers can often see without privileged access.

The tool is intentionally lightweight. It is designed to offer a calm, evidence-led reading of what is publicly visible, not to overclaim certainty or collapse everything into a dramatic score.

ThreatScope Check is not a vulnerability scanner, penetration test, or full security audit. It cannot see inside systems or verify deeper operational controls. What it can do is help surface visible strengths, visible gaps, and questions worth exploring further.

It is both a practical public utility and a live research artefact: a way of making digital trust more inspectable, more legible, and more open to scrutiny. It interprets signals; it does not infer internal controls.

The goal is to make digital trust more inspectable, more consistent, and more open to public scrutiny.

Privacy & feedback

Public signals, clear limits

ThreatScope Check works from public-facing signals. It does not log in, probe internal systems, or rely on privileged access.

Results are a point-in-time reading of what was visible during the check. They are useful for inspection and comparison, but they are not a substitute for formal assurance or technical review.

Spot a bug, unexpected result, or edge case? Report feedback - include the domain, what you expected, and what you saw.

No domains are stored, logged, or profiled

Trust, privacy, and service information available via the Vigo Group Trust Centre.

Related work

ThreatScope Check offers a point-in-time reading of visible trust signals. Related work includes .auDo, an R&D observatory built to watch the .au namespace more carefully over time as part of Australia’s public-facing trust layer.

ThreatScope Check provides point‑in‑time readings; observatories provide longitudinal insight.