SecurityScorecard uses publicly available domain registration and DNS data as part of its attribution process. These data points serve as supporting signals when associating domains with organizations.
Domain registration and DNS fields used for attribution
SecurityScorecard uses the following types of publicly available data when performing attribution:
- Organization name
The organization name listed in domain registration records is used as a signal when associating a domain with an entity.
- Email address
The registrant or administrative email address in domain registration records is used to provide additional context about domain ownership or affiliation.
- Name servers
Name server records are used as a signal when they reflect infrastructure associated with a specific organization (for example, name servers using an organization’s domain).
How these fields can affect attribution
The values in these fields can influence how a domain is associated with an organization. For example, if the organization name in the registration records reflects a parent company instead of a specific subsidiary, attribution may align with the parent entity rather than the subsidiary.
For example, if a domain is registered under Acme International instead of Midwest Acme, attribution is more likely to align with Acme International.
Aligning registration details with the intended entity can help improve attribution accuracy, but does not guarantee a specific outcome.
Examples of registration and DNS data
The following examples show how these fields may appear in publicly available domain data. Field names and formats may vary by data source and registrar.
Example: domain registration data (RDAP)
Domain Name: acme.com Registrant: Organization: Acme International Email: admin@acme.com Registrar: Example Registrar, Inc. Updated Date: 2026-03-03
Example: name servers (DNS query)
$ dig acme.com NS ;; ANSWER SECTION: acme.com. 86400 IN NS ns1.acme.com. acme.com. 86400 IN NS ns2.acme.com.