Predictive Risk Analysis

How the AI risk score, trend, and 30-day forecast work

4 min read SPF Management

Predictive Risk Analysis

The Predictive Risk Analysis panel (found at the bottom of the AI Automation tab) calculates a daily risk score for your domain, tracks whether that risk is improving or worsening, and forecasts where you'll be in 30 days — before problems become critical.

The Risk Score (0–100)

Your overall risk score combines four signals, each weighted by importance:

40%
DMARC Compliance Rate

The percentage of your email that passes DMARC authentication. 100% compliance = zero risk from this factor. Below 95% will flag as an issue.

30%
SPF Record Health

Lookup count, delegation status, circular references, and other SPF-specific issues. A healthy SPF record contributes zero risk here.

20%
Active Anomalies

Unresolved anomalies detected by monitoring — volume spikes, sudden pass-rate drops, or suspicious new sources. High anomalies add 5 pts each, critical add 10 pts.

10%
Suspicious Sources

Sources sending email with zero authentication, or flagged as suspicious or unrecognised. Proportional to the share of your total sources.

Risk Levels: LOW 0–25  ·  MEDIUM 26–50  ·  HIGH 51–75  ·  CRITICAL 76–100

Trend Direction

Trend is calculated using 7 or more days of historical snapshots. If fewer than 7 days exist, the panel shows "Insufficient history."

  • ↓ Improving — risk score dropping more than 1 point/week on average
  • → Stable — score holding steady (within ±1 pt/week)
  • ↑ Degrading — risk score rising more than 1 point/week

The velocity label (e.g. "+2.3 pts/week") shows the rate of change. A negative velocity is good — your risk is falling.

30-Day Forecast

Once trend data is available, the panel projects your risk score 30 days forward by extrapolating the current velocity. If your trajectory crosses a risk level boundary (e.g. Medium → High), it flags this as a predicted issue so you can act before it happens.

The confidence percentage reflects data quality — more days of history and a consistent trend direction produce higher confidence.

AI Enhancement

For domains at HIGH or CRITICAL risk, or where the trend has been consistently degrading for 7+ days, AI analyses your 30-day compliance history, active anomalies, and source data to generate:

  • A plain-English explanation of what is driving the risk
  • Specific predicted issues (e.g. "DKIM selector misconfiguration will cause rejections")
  • 2–3 concrete recommended actions

The AI enhanced badge appears when AI has contributed to the forecast. Low and medium risk domains with stable trends use rules-based forecasting only.

Dashboard Integration

The Actions Summary card on your main dashboard shows "High Risk Domains: N" whenever any of your domains are at HIGH or CRITICAL risk — keeping risk visible at the portfolio level without needing to check each domain individually.

How Often It Updates

Snapshots run once per day at 2:00 AM. The panel always shows the most recent completed snapshot — it does not recalculate in real time. Domains without DMARC report data are excluded until reports start arriving.

Previous
Managed SPF (Delegation)
Next
DMARC Policy Readiness

Related Articles

AI Insights Panel

SPF Decision Queue

Understanding the Sources Table
← Back to Documentation