Why do you "score" TLS instead of giving a Yes or No answer?
TLS is not Yes or No.
For example, what if a domain uses TLS version 1? Technically that domain is "TLS enabled", but it is not "secure".
Or take for example a domain that has a primary and a secondary (backup) MX host. If the primary has good TLS but the secondary does not, is email to that domain encrypted or not? Depends on which MX happens to be in use at the moment.
Our Confidence Factor℠ takes this into account. It accounts for two or more MX hosts, how they are prioritized, how good each of their TLS configurations are, such as what versions and cyphers they are using, etc.
Even for single MX hosts, the Confidence Factor℠ considers versions, cypher strengths, key sizes, certificates, DNS setup and name matching, etc.
Note that two or more MX hosts are common in medium sized organizations. They have their own email system, but subscribe to a cloud email provider as a backup. Their own email system has a higher MX priority than the backup, so the primary is always tried and used first. It is only when their own email system is down for maintenance or has a problem that the cloud provider receives their email. The backup typically stores the email and sends it to the primary when the primary comes back online. That connection may or may not be secure also, depending if the backup can send using encryption.
That's why we created the Confidence Factor℠. It shows the shades of gray. We suggest that a CF of 90 and above is good. And even then your own policy may demand a higher degree of encryption, etc. We provide the tools for you to explore your, and your customers', levels of email security.