See what your current MSP is missing.
One domain. One email. Real findings: dark-web credential exposure, DNS spoofing risk, copycat domains, email authentication, web compliance, exec impersonation surface. Wellforce-branded PDF arrives in your inbox.
Six categories, one report.
External, passive scans only. We don't touch your systems — we observe the same surface an attacker would.
-
Dark-web credential exposure
Leaked logins for staff and execs across breach datasets.
-
DNS health
Records hygiene, dangling subdomains, zone transfer risk.
-
Email spoofing risk
SPF, DKIM, DMARC posture across your sending domain.
-
Copycat domain detection
Look-alike domains registered to impersonate your brand.
-
Web compliance
ADA / accessibility, privacy posture, cookie controls.
-
Executive email risk
Display-name lookalikes, SPF gaps, BEC vectors targeting leadership.
A Wellforce-branded PDF, in your inbox.
Six grades, plain-English explanations, a prioritized fix list. The same format we share with paying clients.
- Six categories scored A through F
- Plain-English explanation of every finding
- Prioritized fix list with effort estimates
- One-click link to book a walkthrough — only if you want it
Solid posture, three things to fix in 30 days.
Two findings move you from B+ to A− with under four hours of work each. The dark-web finding is informational — your team's existing MFA absorbs the risk.
- B Email deliverability (SPF / DKIM / DMARC) DMARC at p=none — upgrade to quarantine
- C Dark-web credential exposure 14 leaked logins for staff in last 24mo
- A DNS posture No dangling records or open zone transfers
- B Public-facing services No legacy ports; one expired TLS cert
- C Identity / SSO surface Legacy auth still allowed on M365
- B Backup signal No public mention of an offline restore test
About the scorecard
How long does the scan take?
Around 60 seconds to submit, and typically under five minutes for the report to arrive in your inbox.
What do you do with my data?
We never sell or share your scan results. Submissions create a record in our internal CRM and trigger one follow-up email with the report. No drip sequences, no list-rental.
How accurate is it?
The scan uses the same data feeds and tools we run for paying clients (dark-web intel, DNS lookups, mail authentication checks, Internet-wide scan databases). It catches real findings; it isn't a penetration test.
What does the report look like?
A Wellforce-branded PDF with grades for six categories, plain-English explanations, and a prioritized list of fixes. Sample shown to the right of the form.
Will you call me?
Only if you ask. The report includes an optional one-click link to book a 30-minute walkthrough. If you don't click it, you don't hear from us.
What does it cost?
Nothing. We run scans like this constantly anyway; sharing them with prospects is the cheapest, most useful thing we can do.
Can I run it for a domain that isn't mine?
No. We require a work email matching the submitted domain to prevent abuse. Use your own domain to evaluate Wellforce.
Is this the same as a SOC 2 audit?
No — different scope, different rigor. A scorecard is an external posture snapshot. A SOC 2 audit is a multi-month assessment of internal controls. We do both, but the scorecard is the right way to start the conversation.
Book a 30-minute review of your results.
Most of our scorecard prospects skip the walkthrough — the PDF answers most of the questions. If you want the team to read it with you, we'll find a slot.