Frequently Asked Questions
Clear answers about the audit, what we check, what we don't, and how it works.
About the Audit
MOORLI VendorRiskDiagnostic is an automated diagnostic tool by MOORLI LLC that assesses email spoofing and impersonation exposure across vendor domains.
It runs a non-intrusive scan on up to 50 or 100 vendor domains at once (depending on report tier), checking public email-domain and related internet-facing signals such as DMARC, SPF, DKIM, MTA-STS, MX, DNSSEC, selected external corroboration signals, and registration-age context.
It is designed to support vendor due diligence around Business Email Compromise (BEC) and invoice fraud risk by identifying which vendor domains appear more exposed to spoofing based on public configuration.
Business Email Compromise (BEC) is a type of fraud where attackers impersonate trusted vendors, executives, or partners via email to trick employees into wiring money or sharing sensitive data.
BEC attacks cost businesses billions of dollars annually. A common tactic is spoofing a vendor's email domain to send fake invoices with updated "payment details." If your vendor's domain lacks proper email authentication (DMARC, SPF, DKIM), attackers can more easily forge emails that appear to come from that vendor.
MOORLI VendorRiskDiagnostic identifies which of your vendors have weak email security configurations — so you know which vendors may warrant follow-up first.
Our engine runs 42 security rules across 6 backend categories. The report then summarizes results into 4 scored report pillars: Spoofing, Identity, Transport Maturity, and Infrastructure.
- DMARC (10 rules): Record presence, syntax/policy validity, enforcement strength, pct, subdomain policy, alignment, aggregate-reporting signals, and explicit weaker subdomain-policy overrides
- SPF (9 rules): Record presence/duplication, terminal policy, lookup pressure, syntax/CIDR validity, and include/ptr/redirect hygiene
- DKIM (7 rules): Best-effort selector discovery, weak/malformed/testing/revoked keys, plus single-selector rotation-readiness and provider-context signals
- Transport Maturity & Reporting (4 rules): TLS-RPT presence, MTA-STS deployment, policy-file quality, and mode strength when deployed
- Mail Infrastructure Hygiene (8 rules): MX presence/redundancy/RFC issues, DNSSEC, BIMI, CAA, and provider context
- Reputation & Risk Signals (4 rules): Selected external corroboration signals and registration-age context when paired with weak authentication
DKIM findings and the selected external corroboration / registration-age findings appear in the detailed results and can influence vendor risk scoring, but the top scorecard shown in the report uses only those four summary pillars.
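As an added illustration (not MOORLI's engine or code), the following Python evaluates a single DMARC TXT record against the kinds of checks listed under the DMARC category above: record presence, syntax validity, enforcement strength, pct, an explicit weaker subdomain policy, alignment mode, and aggregate-reporting presence. The finding codes and the sample records are constructed for this example; no DNS lookups are made.

```python
import re

POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}  # enforcement strength order

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dict; None if it is not DMARC syntax."""
    tags = [t.strip() for t in record.split(";") if t.strip()]
    if not tags or tags[0].lower() != "v=dmarc1":
        return None
    out = {}
    for tag in tags[1:]:
        if "=" not in tag:
            return None  # malformed tag: the whole record is treated as invalid syntax
        key, value = tag.split("=", 1)
        out[key.strip().lower()] = value.strip()
    return out

def assess_dmarc(record):
    """Return finding codes for one domain's DMARC TXT record (None = no record published)."""
    if record is None:
        return ["DMARC_MISSING"]
    tags = parse_dmarc(record)
    pct = tags.get("pct", "100") if tags else ""
    if tags is None or tags.get("p", "").lower() not in POLICY_RANK or not pct.isdigit():
        return ["DMARC_INVALID"]
    findings, p = [], tags["p"].lower()
    if p != "reject":  # enforcement strength: none < quarantine < reject
        findings.append("DMARC_NOT_ENFORCING" if p == "none" else "DMARC_QUARANTINE_ONLY")
    if int(pct) < 100:  # only a fraction of failing mail is subject to the policy
        findings.append("DMARC_PCT_BELOW_100")
    sp = tags.get("sp", "").lower()
    if sp and POLICY_RANK.get(sp, -1) < POLICY_RANK[p]:  # explicit weaker subdomain policy
        findings.append("DMARC_SUBDOMAIN_WEAKER")
    if tags.get("adkim", "r").lower() == "r" and tags.get("aspf", "r").lower() == "r":
        findings.append("DMARC_RELAXED_ALIGNMENT")  # informational: both alignments relaxed
    if not re.search(r"mailto:[^,\s]+@", tags.get("rua", "")):
        findings.append("DMARC_NO_AGGREGATE_REPORTING")  # no rua= destination for reports
    return findings

# Constructed sample records (hypothetical, not any real vendor's DNS data).
SAMPLES = {
    "missing": None,
    "weak": "v=DMARC1; p=none; pct=50; rua=mailto:dmarc@example.com",
    "override": "v=DMARC1; p=reject; sp=none; adkim=s; aspf=s; rua=mailto:dmarc@example.com",
    "strong": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, assess_dmarc(rec))
```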
Most audits complete within a few minutes. Exact timing depends on domain count, report tier, external DNS responsiveness, and current system load.
Yes. The Service is designed to be provider-agnostic. We do not certify, endorse, or rate any email service provider or DNS host. We focus on what is observable in public email-domain records, lightweight public-web validation, registration context, and related internet-facing signals for the domain itself.
The scan does not require vendor credentials, vendor cooperation, or access to vendor systems. It uses public email-domain records, lightweight public-web validation, registration context, and related internet-facing signals. However, you are responsible for ensuring you have an appropriate business purpose and any authorization required by your contracts, policies, or applicable law.
Typically no. We query public records and internet-facing signals. We do not contact vendors or attempt to access private systems. However, we cannot guarantee how third-party DNS providers or other external services log or surface query telemetry.
No. Scores are informational and based on public signals at scan time. Real-world risk depends on many factors. Please review the Disclaimer for important limitations.
Free tools are designed for engineers to check one domain at a time and interpret raw technical data. MOORLI VendorRiskDiagnostic is built for bulk vendor visibility and reporting.
- Bulk Processing: Scan 50–100 domains in one run.
- Risk Scoring: Translate signals into an easy-to-read score.
- Executive Reporting: Generate a shareable report for internal stakeholders.
- Remediation Guidance: Provide recommended next steps (and templates where applicable).
Yes. While the tool is designed for assessing vendor risk, you can absolutely scan your own domain to see how your email security configuration appears to your customers and partners. It's a great way to identify gaps before someone else does.
No. MOORLI VendorRiskDiagnostic provides point-in-time assessments, not continuous monitoring. Each scan captures the vendor's configuration at that moment. If you need to check for changes, you can run a new scan (Executive tier includes a 30-day rescan).
Visit our Sample Reports page to see example outputs, or run a free 1-domain scan to see the format firsthand with no commitment.
Report Tiers & Features
Standard ($499):
- Up to 50 vendor domains
- PDF + HTML report
- No rescan included
Executive ($799):
- Up to 100 vendor domains
- PDF + HTML report + PowerPoint deck
- One 30-day rescan included
- Remediation email templates
Executive is ideal for QBRs, leadership presentations, or when you need to show progress over time.
Standard tier: PDF + HTML report
Executive tier: PDF + HTML report + PowerPoint deck
The PowerPoint deck is designed for executive briefings and board presentations, with summary slides, risk distribution charts, and detailed findings you can present directly.
Executive tier includes one complimentary rescan within 30 days of your original audit. This lets you:
- Verify that vendors have fixed issues you flagged
- Show progress/improvement in a follow-up presentation
- Update your risk posture after remediation outreach
The rescan covers the same domain list from your original audit.
Executive tier includes pre-written email templates you can send to vendors asking them to fix specific issues (e.g., "Please implement DMARC enforcement" or "Your SPF record has too many lookups").
These templates are professional, non-confrontational, and explain the issue in terms vendors can act on — saving you time drafting outreach.
Free Audit (1 Domain)
Yes. We offer a one-time Free Audit that runs the full 42-rule engine on one vendor domain. You get a complete PDF + HTML report powered by the same core scan engine and scoring logic used in paid audits. No credit card required.
The Free Audit scans exactly 1 vendor domain. One free audit per account.
If you enter more than one domain, the system will require you to reduce your list to a single domain before submitting.
The Free Audit runs the same core 42-rule engine used in paid audits — there is no reduced or “lite” version of the scan. You get a full PDF + HTML report for one vendor domain, with per-rule findings, risk scoring, and remediation guidance.
What’s NOT included in the free tier:
- Bulk scanning (free is limited to 1 domain; paid supports up to 50 or 100)
- PowerPoint executive deck (Executive tier only)
- Remediation email templates (Executive tier only)
- 30-day rescan (Executive tier only)
- White-label branding (Agency accounts only)
The report may be labeled “FREE SNAPSHOT” to distinguish it from paid reports. One free audit per account.
No. The Free Audit is strictly one-time per account. Once used, the free option is disabled. To scan additional vendors, purchase a Standard or Executive audit.
For MSPs/Agencies
Yes, MSPs/Agencies can run audits for clients and present the report as part of a vendor risk engagement. Your first agency pack purchase (3-pack or higher) automatically unlocks white-label branding configuration on your account — you can then customize reports with your own logo, colors, and agency name, and enable or disable white-label at any time.
MSPs/Agencies can purchase credits in bulk to reduce the per-audit cost: ~10% off for 3-packs, 20% off for 5-packs, and 30% off for 10-packs. Your first agency pack purchase also unlocks white-label branding configuration. See the Pricing page or For Agencies page for current packages and details.
No. Agency credits never expire. Use them at your own pace — whether that's 10 audits this month or spread across the year.
Yes. White-label branding is available for MSP/Agency accounts.
How to unlock it: Your first agency pack purchase (3-pack or higher, any tier) automatically unlocks white-label configuration on your account. After that, you can configure your branding in the dashboard and enable or disable white-label on your reports at any time. The ability to configure white-label remains available permanently — even if you later purchase one-time credits instead of agency packs.
If white-label branding is enabled on your account, MOORLI will generate a client-ready report that uses your agency branding (for example: logo and agency name) so you can present it directly to customers.
- Applies to all paid audits: If you are an agency and branding is enabled, the report will be white-labeled regardless of whether you used agency credits or one-time credits.
- Free audits: Free 1-domain previews may be labeled as “FREE SNAPSHOT” and will not include full white-label branding.
To enable or update your branding, use the branding settings in your account/dashboard (or contact us if you need help setting it up).
Your account becomes an MSP/Agency account after you purchase an Agency Pack (3-pack, 5-pack, or 10-pack). This unlocks agency credit pools and white-label branding configuration.
After your account is agency-enabled, you can still purchase and use one-time credits whenever you want — your ability to configure white-label remains available.
No. Pricing is one-time per audit/report. There are no recurring contracts.
No refunds once processing begins, except where required by law. If a paid audit fails because of a MOORLI-side delivery issue and no usable report is produced, we may restore the consumed audit credit for a replacement run. This is not a cash refund. Please see our Terms of Service.
The Service is provided “as-is” and is informational. Liability is limited as described in our Terms and Disclaimer, including a cap at the amount paid for the audit/report giving rise to the claim (to the extent permitted by law).
No. We cannot log into third-party vendor systems. Our Service identifies risk signals and provides recommended next steps and templates you can send to vendors.
All data is processed and stored on Google Cloud (Firebase, Firestore, Cloud Storage) with encryption in transit and at rest. We treat your audit reports and domain lists as confidential. See our Privacy Policy for full details.
Report files are stored for 90 days in your dashboard for easy access and re-download. After that, they may be automatically deleted. Audit metadata (scores, timestamps) is retained longer for your history unless you request deletion.
Yes. Contact support@moorli.io to request account deletion. We will remove your data in accordance with our Privacy Policy, subject to any legal retention requirements.
Support & Contact
You can reach us at support@moorli.io.
Can't Find Your Answer?
Our team is ready to help with any other questions you may have about the process.