wiredepth
Run a check

Free tool · Vendor / supplier risk

Vendor security scoring

Paste up to 25 supplier or vendor domains and we return a scorecard for each: TLS posture, DMARC enforcement, and DNS health (DNSSEC, registration expiry, blacklist status). Use it as evidence in procurement reviews or to triage which third parties most urgently need a security conversation.

Free batch

up to 10 domains · 3/day

Pro

up to 100 · scheduled re-runs

MSP

up to 500 · saved batches

One domain per line (or comma / semicolon separated). Free batch is capped at 10 domains. We run TLS, DMARC, and DNS-health checks on each in parallel.

What this tool checks

For each vendor domain we run the same posture checks our standalone tools run - TLS handshake + cipher posture, DMARC policy strength, DNS health (DNSSEC, CAA, registration expiry, blacklist hits) - and produce a per-vendor letter grade plus a breakdown.

Then we surface the worst-grade and the highest-leverage issue across the batch, so a procurement team can rank the list by "needs a conversation" priority instead of treating every finding equally.

The 25-domain batch limit is a fair-use ceiling for the free tool. Wiredepth MSP ($699/mo, 100 domains) was built for agencies running supplier risk across larger portfolios with scheduled re-scans, alert routing per-client, and co-branded PDF exports.

How to read the results

Worst-grade column sets your triage priority. A vendor with TLS A but DMARC F is not "passing" - they're shipping unauthenticated mail under their domain, which is a phishing-impersonation risk for YOUR users.

Use the batch view as evidence in vendor reviews. Procurement teams have started attaching Wiredepth scorecards to renewal conversations - the data is public, the verdict is portable, and the vendor can verify the same inputs themselves.

One vendor jumping from B to D over time usually means either a cert expiry was missed (TLS regression) or DMARC was relaxed during a delivery troubleshoot (regression to p=none). Wiredepth Pro alerts on the regression rather than waiting for the next manual review.

Frequently asked questions

Is this 'vendor risk' the same as SOC 2 / ISO 27001?

No - it's a complement. SOC 2 / ISO 27001 attest internal control posture. This tool surfaces external-facing security signals you can verify yourself in seconds. Many procurement teams use both: ISO certificate as table stakes, scorecard as ongoing watch.

Can I score my own internal subsidiaries?

Yes - any public domain works. Common usage in larger orgs is monitoring posture across acquired companies whose IT is being consolidated, or across regional brands that share infrastructure.

How is this different from BitSight / SecurityScorecard?

Those platforms aggregate 50+ signals into a 0-1000 score over time. We aggregate the public posture signals (TLS / DMARC / DNS) into a letter grade per check, fast and free. Different price points and different rigor - the enterprise platforms cost $40k+/yr; this is $0 for one-off and $699/mo MSP for ongoing.

Does Wiredepth Pro continuously monitor vendors?

Yes - Pro and MSP tiers include vendor supply-chain monitoring on all your tracked domains, with alerts when any vendor regresses on TLS, DMARC, or DNS health.

Can I export the scorecard?

Free version: copy-paste / screenshot. MSP: co-branded PDF with your logo + accent color. Enterprise: REST API for pipeline integration.

Related free tools

Domain reputation + threat intel

Per-domain threat-intel verdict.

TLS / SSL checker

Drill into one vendor’s TLS posture.

DMARC analyzer

Drill into one vendor’s DMARC posture.

DNS health checker

Per-domain DNS posture.