What exactly is the Confidence Factor℠?
What is the method/logic behind("TestReceiver") testing? What is actually done to arise at the Confidence Factor℠?. Asking because we are using CheckTLS.com as part of our corporate security policy for vendor and customer email.
If you run("TestReceiver") with Output Format set to Detail, you will see the raw data that we use to compute the ConfidenceFactor.
From a high level, the ConfidenceFactor is a measure of the security of each MX weighted by the likelyhood of the MX being used.
For example, with an MX, a strong SSL/TLS version counts more than a strong cipher. And for the weighting, a weak MX down in a list of MXs doesn't hurt as much as a weak MX near the top.
While the actual formula is proprietary, it works like this:
First we score each MX by looking at:
Then the MX scores are combined into the single ConfidenceFactor using a weighted average based on the MX's Preference (from DNS) and if it connected (tempered by the IgnoreNoConnect option).