01
Submit domain
The review starts from a bounded passive request and business context, not an unrestricted scan brief.
How the review works
How KMayer Exposure Lens AI moves from passive_public review to private verified results and a governed deeper lane.
Each request begins in passive_public. Verification protects private access, the verified-running state keeps the journey clear while processing continues, and the results-ready email is sent only after both verification and completion. authorized_deep, read-only connector evidence, and trusted export intelligence apply only when ownership, engagement, and approvals are in place.
Executive journey view
From public signal to governed deeper validation, the process stays clear for non-technical buyers.
02
Verify email
The first customer-facing email protects the private route before any completed result is delivered.
03
Passive review runs
Public evidence is collected first so the opening lane stays safe, non-invasive, and explainable.
04
Private result unlocks
The verified recipient sees either the verified-running state or the completed private results page.
05
Governed deeper review
If ownership and engagement qualify, authorized_deep can unlock a more decision-ready evidence set.
06
Connector and export context
Read-only connector evidence and approved trusted exports can deepen confidence only when explicitly eligible.
07
KMayer remediation lane
The output moves into validation, prioritization, and deeper remediation planning rather than stopping at findings.
Review journey
The customer journey is deliberate, private, and verification-aware from the first request through completed results.
Step 1
Submit the domain and business details
Every request starts with domain validation, normalization, and guarded input handling before any public fetch begins. Invalid, private-address, localhost, and suspicious targets are rejected up front.
Bounded request capture before any review starts.
Step 2
Queue the passive_public review
The default entry lane reviews public DNS, mail-trust posture, HTTPS reachability, TLS basics, visible headers, trust files, indexing signals, and a tightly capped set of same-host public pages.
Public evidence first, no intrusive widening.
Step 3
Send the verification email first
The first customer-facing message is the verification email. It protects the private results route before any completed-results delivery is allowed.
Verification comes before private delivery.
Step 4
Verify the request email
The one-time verification link confirms that the intended recipient is the person unlocking the private route, even if the opaque URL is forwarded or discovered out of context.
Private access stays tied to the intended recipient.
Step 5
See the verified-running state if the review is still processing
After verification, the private route can show a verified-running state instead of exposing incomplete results. This makes it clear that access is valid while preparation is still underway.
No partial result exposure while the review is still being prepared.
Step 6
Unlock the private results when the review is complete
When the passive review has finished, the private page opens the completed results immediately for the verified recipient.
Completed results appear only on the verified route.
Step 7
Send the results-ready email only after verification and completion
If the scan finishes before verification, the ready state is preserved but the results-ready email waits until verification occurs. No verified click means no results-ready email to that recipient.
Results-ready delivery remains gated behind verification and completion.
Step 8
Use the private results to understand risks, evidence, priorities, and next steps
The unlocked page explains the executive summary, technical highlights, risk themes, evidence-source context, priorities, business or trust cues, and practical next-step guidance.
Business framing and technical context stay together.
Step 9
Activate authorized_deep only when ownership and engagement are verified
The deeper lane is governed. It applies only when verified ownership, active engagement, and the right approvals exist for the reviewed domain or account.
authorized_deep is explicit, not anonymous or automatic.
Step 10
Add read-only connectors and trusted exports only when eligible
read-only connector evidence, trusted export intelligence, monitoring, history, and deeper explainability can extend the review only inside that governed lane and only when the workflow allows them.
Connector and export context deepen the result only when the engagement qualifies.
Decision matrix
Use the first private result to decide what can happen now, what gets deeper with authorization, and where KMayer helps next.
What you get now
- Passive external posture review built from public evidence first.
- Private verified delivery with executive summary, technical highlights, and first priorities.
- Safe non-invasive signal collection with no login attempts, brute force, or exploit behavior.
What gets deeper with authorization
- Read-only connector-backed evidence when the tenant or domain is approved.
- Trusted export intelligence after quarantine, review, and approved-for-parse controls.
- Stronger provenance, vendor and asset context, monitoring continuity, and remediation sequencing.
What KMayer can validate next
- Whether the highest-risk signals map cleanly to real control owners and operational impact.
- Whether authorized_deep is commercially justified for the reviewed environment.
- How to turn the result into a practical remediation conversation without widening scope unsafely.
Why verification is required
Private results are intended for the verified recipient. Verification closes the trust gap between the public submission flow and the non-indexed private results route, and it keeps completed-results email delivery aligned to the right recipient.
What public mode never does
Public mode remains passive-only. It does not perform login attempts, brute force, credential spraying, exploit behavior, intrusive testing, hidden-path probing, or active internet-wide scanning.
What KMayer can help with after the review
KMayer can validate the findings, prioritize the highest-impact fixes, determine whether authorized deeper review is justified, interpret connector-backed or trusted-export evidence, and move the work into assisted remediation planning.
Who provides the review
KMayer provides KMayer Exposure Lens AI. KMayer is the company and provider, while KMayer Exposure Lens AI is the tool and service family used for this review workflow.
Where deeper evidence comes from
Deeper evidence is governed, verified, and added only when it improves decision confidence.
The first review stays passive. When ownership and engagement are verified, KMayer can extend the review with approved read-only connector context, trusted export intelligence, monitoring, history, and remediation sequencing.
Passive evidence first
Public signals define the safe base layer.
The first review is passive and bounded: DNS, mail posture, HTTPS, TLS, trust files, indexing signals, and capped same-host public evidence are evaluated before any deeper lane is considered.
- DNS, mail trust, HTTPS, TLS, headers, trust files, and indexing posture.
- No login attempts, brute force, exploit behavior, or intrusive widening.
Governed deeper context
authorized_deep activates only with proof and scope.
The deeper lane is not anonymous. It requires verified ownership, active engagement, approved scope, and explicit approval for read-only connector evidence or trusted export intelligence.
- Connector and export evidence remain read-only, attributable, and bounded.
- Private noindex handling and verification controls continue to govern access.
Decision-ready follow-through
Deeper evidence improves confidence, history, and remediation sequencing.
When eligible, connector and trusted-export context can strengthen provenance, vendor ecosystem interpretation, passive asset inventory, monitoring, history, and the sequence of practical remediation work.
- Use deeper context to validate priority and ownership before change work.
- Move from findings into KMayer-assisted remediation planning when justified.
Passive first
Verified ownership
Approved read-only evidence
Private noindex result
KMayer-assisted remediation
Evidence reading lane
Read the public-signal guides that explain what the passive lane is observing.
Use these guides to understand the boundary between safe public evidence, governed deeper review, and practical next steps.
Evidence reading lanePassive External Exposure ReviewUnderstand what passive public-signal review can show and what it cannot claim.Evidence reading lanePassive Exposure ChecklistUse a structured checklist for DNS, mail, TLS, headers, trust files, and ownership review.Evidence reading laneEmail and Web Trust SignalsReview SPF, DKIM, DMARC, TLS, HTTPS, headers, and visible trust-signal basics.
