New: Realtime monitors + browser extension

The trust layer for themodern internet.

Trustoby analyzes URLs, emails, and text using verifiable signals — DNS, TLS, RDAP, SPF/DKIM/DMARC, and language patterns — then shows you the exact evidence behind every score, with calibrated confidence. Never opinions. Only what we can prove.

No credit card 50 free scans / mo API + Webhooks SOC 2 ready
trustoby.app/scan → https://account-secure-verify.com/login
Trust score
23/ 100
High risk
Confidence 91%
Evidence (4)
  • Domain registered 3 days ago via privacy proxy
  • Brand impersonation pattern in subdomain
  • TLS cert issued <24h ago by free CA
  • DNSSEC validation chain intact

Trusted by security & trust teams at

Northwind
Acme Corp
Helios
Vector
Mercator
Arcadia
120M+
Signals analyzed
<400ms
Median scan latency
99.98%
API uptime (90d)
37
Evidence sources

Capabilities

One trust layer. Every surface where deception lives.

Trustoby covers the channels attackers actually use — links, email, and copy — with evidence you can audit, not opinions you have to trust.

URL & domain forensics

DNS resolution paths, RDAP registration age, TLS certificate chains, security headers, redirect chains, and phishing-pattern heuristics across hundreds of indicators.

  • Registration & ownership history
  • Certificate transparency lookups
  • Redirect & cloaking detection

Email authentication

Full SPF, DKIM, and DMARC posture inspection. We tell you whether a sender domain actually authenticates — and what an inbox should believe.

  • SPF / DKIM / DMARC alignment
  • Display-name spoof detection
  • Header anomaly analysis

Text & language analysis

AI-generation likelihood, urgency manipulation, and social-engineering pattern recognition. Confidence is calibrated to the length and quality of the text.

  • LLM-output likelihood
  • Coercion & urgency cues
  • Brand-impersonation phrasing

Continuous monitors

Watch a domain or sender forever. Get notified the moment its posture changes — new certs, new MX, new SPF, suspicious redirects.

  • Drift detection
  • Webhook + email alerts
  • History timeline per asset

Developer-first API

A single REST endpoint returns a score, a band, calibrated confidence, and the full evidence array. SDK-friendly. Idempotent. Cached.

  • REST + Webhooks
  • Batch scanning
  • Generous free tier

Browser extension

Inline trust badges as you browse. One-click deep scan. Zero data leaves the device until you ask for a full analysis.

  • Chrome & Edge
  • Privacy-respecting
  • Team-shared rules

How it works

From input to evidence in under half a second.

A deterministic pipeline. Cached where it can be. Re-verified where it must be.

  1. 01

    Submit

    Paste a URL, an email, or a block of text. Or pipe assets through the API and webhook stream.

  2. 02

    Collect signals

    We query DNS, RDAP, certificate transparency, sender authentication, and run language analyzers in parallel.

  3. 03

    Weight evidence

    Each signal carries severity, weight, and confidence. We never average opinions — we accumulate facts.

  4. 04

    Score + explain

    You receive a 0–100 score, a band, calibrated confidence, and the full evidence array. Always auditable.

Principle

Every score ships with the evidence that produced it.

Black-box trust scores are how the last generation of safety tools lost credibility. We do the opposite: every contribution to a score is labeled, weighted, and visible. If we don't have enough signal, we say so, and we lower confidence accordingly.

  • Auditable

    Every evidence item links back to the raw query — DNS records, certs, headers, RDAP responses.

  • Calibrated

    Confidence reflects evidence completeness, not model boldness. Thin signal → low confidence, always.

  • Honest about conflict

    When signals disagree, we surface both sides instead of hiding them behind an average.

// POST /v1/scan
{
  "input": "https://account-secure-verify.com",
  "result": {
    "score": 23,
    "band": "critical",
    "confidence": 0.91
  },
  "evidence": [
    {
      "category": "registration",
      "severity": "critical",
      "label": "Domain age: 3 days",
      "confidence": 0.98
    },
    {
      "category": "tls",
      "severity": "warning",
      "label": "Cert issued <24h ago (Let's Encrypt)",
      "confidence": 0.94
    },
    {
      "category": "language",
      "severity": "critical",
      "label": "Brand impersonation phrase pattern",
      "confidence": 0.86
    }
  ]
}

Why Trustoby

Built for teams that can't afford to be wrong.

If a score can ruin a customer's day or a quarter's pipeline, you need the evidence behind it.

Transparent by default

No black-box scores. Every number traces back to evidence you can verify yourself.

Fast enough for inbox-time

Sub-second median latency. Cached intelligently. Built for inline use, not batch dashboards.

Private by design

We don't retain analyzed content beyond what you configure. SOC 2 controls, regional data residency on request.

Production-grade infra

Multi-region. Idempotent endpoints. Webhook retries with backoff. No surprises at 3am.

Problems we solve

The trust problems modern teams actually face.

Four failure modes we keep seeing across security, support, and trust teams — and what Trustoby does about each.

Problem

Phishing reaches users

Newly registered lookalike domains slip past filters in the first 24 hours when they're most dangerous.

Realtime RDAP + cert transparency analysis catches them at first sighting.
Problem

Synthetic content floods inboxes

LLM-generated outreach is indistinguishable from human writing at a glance, scaled to millions.

Language analyzers score generation likelihood with calibrated, not theatrical, confidence.
Problem

Brand impersonation costs sales

Customers lose trust the moment a fake support address reaches them — and you find out from Twitter.

Continuous monitors flag impersonation domains the day they're registered.
Problem

Black-box scores erode trust

Single-number 'safety' ratings without evidence are unfalsifiable and indefensible to a customer.

Every score ships with the exact evidence and confidence that produced it.

Industries

Wherever trust is the product.

Trustoby is in production across regulated industries and high-volume consumer surfaces.

Fintech & banking

Protect customers from account-takeover lures and authenticate inbound vendor communications.

Marketplaces

Surface seller-impersonation domains before they reach buyers; reduce dispute volume.

Newsrooms

Verify sources and inbound tips. Score document chains and originating domains in seconds.

Higher education

Catch financial-aid and tuition-scam domains targeting students at registration time.

Customer support

Triage abuse reports faster with attached evidence — no manual whois lookups.

Nonprofits

Defend donor trust from donation-page lookalikes during high-volume campaigns.

Use cases

Drop-in evidence for the workflows you already run.

Inline phishing triage

Wire Trustoby into SOAR or your support inbox. Each suspicious URL gets a score, band, and evidence array attached automatically — no analyst toggling tabs.

See an example

Vendor onboarding due diligence

Before adding a vendor, scan their domain, sender posture, and contact emails. Get a one-page evidence brief instead of a 'looks fine' Slack message.

See an example

Marketing copy QA

Run drafts through the language analyzer to catch unintended urgency, coercion, or LLM-style phrasing before campaigns go out.

See an example

Brand protection monitoring

Watchlist your brand. Get a webhook the moment a lookalike domain is registered or a suspicious cert is issued.

See an example

How we compare

Why teams switch to Trustoby.

Capability
Trustoby
Legacy URL scanners
DIY threat intel
Evidence-backed scores
Calibrated confidence
URL + email + text in one API
Continuous monitors with diff alerts
Sub-second median latency
Generous free tier
Transparent severity weights

Integrations

Plug into the stack you already run.

Native integrations and a generic webhook for everything else.

Slack
PagerDuty
Zapier
Jira
Salesforce
Webhook
Zendesk
Splunk
Datadog
Okta
Notion
GitHub

Security & privacy

Trust software has to be trustworthy software.

Encryption

TLS 1.3 in transit, AES-256 at rest. Per-tenant key isolation on request.

Access controls

SSO/SAML, scoped API keys, audit log of every key use and every scan.

Data minimization

Configurable retention. We never train models on customer data. Period.

Compliance

SOC 2 Type II in progress. GDPR-ready DPAs. Regional residency available.

Pricing

Simple plans. No surprises.

Start free, upgrade only when you actually need more.

Free

$0/mo

For individuals exploring trust signals.

Start free
  • 50 scans / month
  • URL, email, and text
  • Public evidence reports
  • Community support
Most popular

Pro

$19/mo

For professionals and small teams.

Start Pro trial
  • 5,000 scans / month
  • Continuous monitors
  • API + webhooks
  • Browser extension
  • Email support

Team

$99/mo

For teams operating at scale.

Start Team trial
  • 50,000 scans / month
  • SSO + audit log
  • Custom severity weights
  • Priority support + SLA
  • Regional data residency

Testimonials

Teams that demand evidence run Trustoby.

"We cut phishing-triage time by 70% in the first month. Analysts stopped tabbing between five tools."
Maya R.
Head of Trust & Safety, Mercator
"The evidence array is what sold us. We can defend every action to a customer or a regulator."
James K.
CISO, Northwind
"Calibrated confidence sounds boring until you've been burned by a 99% certain false positive."
Priya S.
Director of Security, Helios

Customer success

How Mercator cut phishing escalations by 71% in 90 days.

By piping inbound abuse reports through the Trustoby API and attaching the evidence array to every Jira ticket, Mercator's trust team eliminated manual whois and DNS checks, dropped median triage from 14 minutes to 4, and routed only high-confidence critical findings to senior analysts.

71%
fewer escalations
4 min
median triage
3x
more reports handled
Read the case study

Resources

From the Trustoby research team.

Working notes, technical deep-dives, and incident lessons we wish someone had handed us.

Guide

A practical taxonomy of phishing indicators in 2026

Forty-seven concrete signals, ranked by independent predictive value across 12M scans.

Read article
Engineering

Why we built calibrated confidence into every score

Confidence theatrics versus confidence that survives a postmortem — a working engineer's take.

Read article
Research

The half-life of a malicious domain is shrinking

Newly registered phishing domains now reach 50% of their victim count in under six hours.

Read article

FAQ

Answers to the questions teams ask before signing.

Does Trustoby tell me whether something is 'safe'?

No. We never label things safe or unsafe — that's an opinion that ages badly. We surface evidence and a calibrated score so you (or your policy) can decide.

How is confidence calibrated?

Confidence reflects the amount and quality of available evidence, not the model's enthusiasm. Thin or contradictory signals lower confidence; rich, consistent signals raise it.

What about false positives?

Because every score ships with evidence, false positives are auditable — and far less expensive operationally. You see exactly which signals pushed the score and can reweight them per workspace.

Do you train on customer data?

No. We never train models on customer inputs. Retention is configurable down to zero; regional residency is available on Team plans.

Is there a free tier I can try in production?

Yes — 50 scans per month with full API access, no credit card required. Pro and Team plans add monitors, higher quotas, and SSO.

How fast is the API?

Median scan latency is under 400ms with warm caches; cold-path scans (new domains, new senders) typically complete in well under two seconds.

Stop guessing. Start showing your work.

50 scans a month, free forever. API access included. Upgrade only when your evidence pipeline outgrows it.

SOC 2 in progress 4.9 / 5 customer rating 99.98% uptime