Trust Center
How Dennisen makes decisions
Dennisen is designed to make domain trust decisions more understandable, more consistent, and easier to justify. This page explains what we assess, how outputs are structured, and where caution is still required.
What Dennisen is
Dennisen is a domain trust decision system. It evaluates signals related to domain identity, registration characteristics, infrastructure, and technical trust indicators to produce a clear result.
What Dennisen is not
Dennisen is not a guarantee of safety, a replacement for incident response, or a substitute for organization-specific security controls. It is a decision aid that helps users reason more clearly before engaging.
Decision model overview
Dennisen separates evidence into distinct categories so outcomes are more understandable to consumers, security teams, and enterprise reviewers.
Identity signals
Signals that suggest impersonation, typosquatting, brand mimicry, or phishing-oriented naming patterns.
- Brand impersonation patterns
- Typosquatting indicators
- Phishing keyword usage
- Suspicious domain structure
Registration signals
Signals related to how established or recently registered a domain appears.
- Recent registration
- Established registration history
- Unavailable or incomplete registration evidence
Infrastructure signals
Signals based on technical behavior and network configuration.
- DNS resolution
- Mail exchange (MX) presence
- SSL availability
- Certificate validity
Context and limitations
Some signals increase confidence, while others only reduce uncertainty.
- Incomplete evidence lowers confidence
- Mixed signals lead to caution
- Known stable domains are treated differently
What the results mean
Appears safe
The domain shows strong trust signals and no meaningful indicators of risk in the observed evidence.
Use caution
The domain shows mixed, incomplete, or potentially concerning signals. Additional verification is recommended before interaction.
High risk
The domain shows strong indicators of phishing, deceptive activity, or technical conditions that substantially increase risk.
Confidence and evidence
Confidence reflects how well the available evidence supports the result. It should not be confused with certainty.
High confidence
Multiple meaningful signals align in the same direction, and the available evidence supports a stable conclusion.
Moderate confidence
There are useful indicators, but not enough aligned evidence to treat the result as especially strong.
Low confidence
Available evidence is limited, mixed, or incomplete. The result should be treated as a prompt for additional verification.
Fairness and responsible use
Same core assessment, different depth
Consumer, security, and enterprise views should reflect the same core underlying assessment. Higher tiers may add structure, auditability, and reporting, but should not conceal safety-critical truths.
Uncertainty should be communicated honestly
If evidence is missing or inconclusive, Dennisen should reduce confidence rather than make a stronger claim than the evidence supports.
Results support judgment, not replace it
Outputs are designed to support decision-making. In sensitive contexts, they should be combined with organizational policy, user awareness, and additional verification steps.
Current limitations
Signal availability can vary
WHOIS, DNS, SSL, and other evidence sources may be incomplete, inconsistent, unavailable, or delayed depending on the domain and provider.
Benign infrastructure issues can occur
A technical issue such as missing MX or SSL does not automatically mean malicious intent. Signals must be interpreted in context.
Not all threats are visible from domain-level evidence
Some risks depend on page content, behavior after click, hosting reputation, or broader campaign context that may not be visible in a lightweight check.