























Every day, cybercriminals send around 3.4 billion phishing emails. 90 percent of successful cyber attacks originate from one of these emails.
We analyzed the live DNS records for 5,849 domains across 13 sectors, scoring each domain on eight points based on its Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting, and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Mail Transfer Agent Strict Transport Security (MTA-STS).
96 percent of IT security and decision makers expect to see email security challenges throughout 2026, so you’d be forgiven for thinking that most organizations would be meeting the basics. However, our findings found that more than eight percent of organizations’ domains are fully unprotected, meaning they have no SPF, DMARC, DKIM, or MTA-STS measures in place. A mere 0.6 percent scored full marks for having all of the protections in place and at the highest level.
Which industries have the worst email security?
Government agencies and healthcare providers*.
Government agencies had the lowest average score by far (2.73) and had the highest number of unprotected domains with nearly 27 percent in total. Healthcare providers had the second-lowest average score (3.43) and the second-highest rate of unprotected domains (more than 19%).
In contrast, technology companies had the highest average score (4.83) and the lowest rate of domains with zero protection (2%).
What about the worst countries**?
Asian countries/territories had the lowest average scores, with China (2.3), South Korea (2.84), Hong Kong (3.07), and Japan (3.53) ranking among the lowest. The European countries of France (3.77), Germany (3.8), and Spain (3.98) also scored poorly.
Among the highest-scoring countries were the Netherlands (5.51), Denmark (5.33), Norway (5.31), and Finland (5.19).
China (28%), Hong Kong (26%), and France (16%) had the highest percentage of domains with zero protection. Seven countries, including the United Arab Emirates and Poland, had zero domains with no protection. Switzerland also had just less than 2 percent.
*We looked at healthcare providers (those providing direct care to patients) and healthcare businesses (e.g. pharmaceutical or medical device manufacturers) separately.
**Countries without large datasets, those with less than 10 scanned domains, haven’t been included in the country-by-country analysis.
All of the companies mentioned in the article have been contacted for comment (except those with full 8/8 scores). Any responses received will be added to the end of the article.
For scores used in the context of this article, each domain was given a score out of 8, with 8 being fully protected and 0 indicating no protection:
Average score: 2.73.
Rank: 13/13
121 out of the 452 domains we scanned had zero protections in place (27%)–the highest of all sectors.
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 71.7 | Has | 53.3 | Has | 26.5 | Has | 1.8 |
| Hard fail | 40.9 | Rejects | 13.9 | Enforcing | 1.1 | ||
| Soft fail | 25.4 | Quarantines | 12.4 | Testing | 0.4 | ||
| Reporting | 44.2 |
No government domains scored full marks, but three did score 7.5 – Australia’s national science agency (CSIRO), the Mila – Quebec Artificial Intelligence Institute in Canada, and The Alan Turing Institute in the UK (also dedicated to data science and artificial intelligence).
Each dropped half a point for a different reason: CSIRO has its MTA-STS in the testing phase, Mila has soft-fail SPF, and Turing quarantines emails that don’t pass DMARC checks, rather than rejecting them.
Where more than 10 domains were scanned within the country, the UK (4.6) and the US were the top scorers (3.9). The UK also had the lowest percent of domains with zero protection (6%), but 17 percent of domains were unprotected in the US.
China (0.9) and France (1.4) had the lowest average scores. Both of these countries also had the highest number of fully unprotected domains with 65 and 47 percent, respectively.
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| United Kingdom | 4.6 | 16 | 6 |
| United States | 3.9 | 46 | 17 |
| Spain | 3.5 | 53 | 11 |
| South Korea | 2.9 | 11 | 18 |
| Germany | 2.9 | 79 | 8 |
| Italy | 2.4 | 15 | 13 |
| France | 1.4 | 51 | 47 |
| China | 0.9 | 94 | 65 |
Average score: 4.83.
Rank: 1/13
10 out of the 498 domains we scanned had zero protections in place (2%)–the lowest of all sectors.
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 97.6 | Has | 91.6 | Has | 68.9 | Has | 4.4 |
| Hard fail | 51.6 | Rejects | 46.6 | Enforcing | 1.8 | ||
| Soft fail | 40.8 | Quarantines | 30.5 | Testing | 2.0 | ||
| Reporting | 84.3 | ||||||
Two tech companies’ domains scored full marks – microsoft.com and f5.com. A further 10 scored 7.5 – six of these were in the US and the others in Spain, Switzerland, Sweden, and the Netherlands.
Of the 10 without any protections, four were in China, and the others were in Hong Kong, Germany, Taiwan, South Korea, the Netherlands, and India.
The countries with the highest average scores were Israel (5.5) and the US (5.3). Both countries had no domains without any protections, as did Japan and Canada.
China and South Korea had the lowest average scores with 3.3 each.
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| Israel | 5.5 | 11 | 0 |
| United States | 5.3 | 256 | 0 |
| Canada | 4.9 | 11 | 0 |
| Japan | 4.6 | 35 | 0 |
| Germany | 4.4 | 11 | 9 |
| Taiwan | 4.3 | 28 | 4 |
| China | 3.3 | 52 | 8 |
| South Korea | 3.3 | 10 | 10 |
Average score: 3.43.
Rank: 12/13
85 out of the 438 domains we scanned had zero protections in place (19%)–the second highest of all sectors.
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 77.4 | Has | 65.5 | Has | 41.6 | Has | 2.5 |
| Hard fail | 40.4 | Rejects | 30.8 | Enforcing | 1.1 | ||
| Soft fail | 32.9 | Quarantines | 12.8 | Testing | 1.1 | ||
| Reporting | 60.0 | ||||||
Four domains scored full points. Three of these were part of the UK’s NHS (NHS Blood and Transplant, Manchester University NHS Foundation Trust, and University Hospitals Birmingham NHS Foundation Trust), and one was the Dutch cancer specialist, Prinses Máxima Centrum.
A further three domains (one each in the US, UK, and Netherlands) scored 7.5, each dropping 0.5 for MTA-STS being in the testing phase.
The Netherlands had the highest average score (6), while China (2.1) and Spain (2.6) had the lowest. The UK also had a low average score (2.9).
China also had the highest percentage of domains without any protections (45%), followed by the UK (37%).
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| Netherlands | 6.0 | 11 | 0 |
| France | 4.2 | 13 | 0 |
| United States | 3.9 | 174 | 12 |
| Italy | 3.3 | 13 | 15 |
| Germany | 3.2 | 26 | 8 |
| Australia | 3.1 | 21 | 24 |
| Canada | 3.0 | 18 | 28 |
| United Kingdom | 2.9 | 43 | 37 |
| Spain | 2.6 | 31 | 29 |
| China | 2.1 | 20 | 45 |
Among the domains with zero protections were a US healthcare company operating across over 500 locations and an NHS Trust in the UK.
Average score: 4.1
Rank: 10/13
50 out of the 462 domains we scanned had zero protections in place (11%).
Healthcare businesses scored slightly better than healthcare providers across all categories, but still had the fourth-lowest average score and the third-worst zero-protection rate.
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 88.1 | Has | 78.1 | Has | 58.4 | Has | 2.6 |
| Hard fail | 46.3 | Rejects | 35.5 | Enforcing | 1.1 | ||
| Soft fail | 38.1 | Quarantines | 19.0 | Testing | 1.1 | ||
| Reporting | 71.0 |
Just one domain scored full points – Revolution Medicines in the US. Five scored 7.5: Amgen in the US, bioMérieux in France, Fagron in Belgium, Fresenius (FSE) in Germany, and Verona Pharma* in the UK. All of them dropped 0.5 points for having MTA-STS in testing, aside from bioMérieux, which had MTA-STS in enforcement mode but DMARC in quarantine mode.
*Verona Pharma is now part of U.S. Merck.
The UK had the highest average score (4.9), but was closely followed by Switzerland (4.8) and the US (4.7). China (2.1) had the lowest average score and the highest percentage of domains without any protections (36%).
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| United Kingdom | 4.9 | 12 | 0 |
| Switzerland | 4.8 | 13 | 0 |
| United States | 4.7 | 206 | 3 |
| Ireland | 4.5 | 10 | 10 |
| Japan | 3.3 | 30 | 13 |
| China | 2.1 | 95 | 36 |
Among those scoring zero were a biopharmaceutical company with a $500M+ turnover in the US and an Irish pharmaceutical manufacturer.
Average score: 4.25
Rank: 8/13
21 out of the 498 domains we scanned had zero protections in place (4%).
Despite universities having the fifth-lowest percentage of domains with zero protection and the most domains with MTA-STS protocols, they had the highest number of domains with DMARC p=none. In short, despite nearly 86 percent of the universities we audited having a DMARC record in place, a meaningful share (42%) have stalled in monitoring mode and never flipped to enforcement.
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 94.8 | Has | 85.5 | Has | 62.9 | Has | 6.2 |
| Hard fail | 38.8 | Rejects | 20.3 | Enforcing | 3.4 | ||
| Soft fail | 44.6 | Quarantines | 23.3 | Testing | 2.6 | ||
| Reporting | 77.7 |
Five universities scored full marks. Wageningen University & Research in the Netherlands, the Australian National University, the University of Auckland in New Zealand, and the University of Southampton and the University of Bath in the UK.
The Netherlands had the highest average score (6), followed by Australia (5.4) and the UK (5.2). China (3.1), Germany (3.3), and South Korea (3.4) had the lowest scores.
Japan (10%) and China (8%) had the highest rate of unprotected domains.
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| Netherlands | 6.0 | 12 | 0 |
| Australia | 5.4 | 18 | 0 |
| United Kingdom | 5.2 | 32 | 3 |
| Spain | 4.9 | 15 | 0 |
| United States | 4.8 | 117 | 5 |
| Italy | 4.5 | 17 | 6 |
| Canada | 4.2 | 17 | 0 |
| France | 3.6 | 14 | 0 |
| Japan | 3.5 | 10 | 10 |
| South Korea | 3.4 | 14 | 0 |
| Germany | 3.3 | 27 | 4 |
| China | 3.1 | 106 | 8 |
Among the domains that scored zero were a Japanese university and a medical university in Germany.
Average score: 4.51
Rank: 5/13
19 out of the 495 domains we scanned belonging to legal firms had zero protections in place (4%)–the fourth lowest of all sectors.
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 95.6 | Has | 88.9 | Has | 55.4 | Has | 4.2 |
| Hard fail | 48.5 | Rejects | 40.4 | Enforcing | 2.8 | ||
| Soft fail | 40.4 | Quarantines | 30.5 | Testing | 1.4 | ||
| Reporting | 79.0 | ||||||
Three domains scored full points – Schjødt in Norway, MinterEllisonRuddWatts in New Zealand, and Linklaters in the US. A further seven scored 7.5 – six of these were in the UK and one in the US. All of the UK domains had soft-fail SPF, while the US domain had MTA-STS in testing mode.
The UK had the highest average score (5.5) and China had the lowest (2.1). China also had the highest number without any protections (38%).
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| United Kingdom | 5.5 | 42 | 0 |
| Brazil | 5.2 | 10 | 0 |
| India | 5.0 | 12 | 0 |
| Germany | 4.9 | 11 | 0 |
| Australia | 4.8 | 14 | 0 |
| France | 4.7 | 10 | 0 |
| United States | 4.5 | 189 | 4 |
| Canada | 4.4 | 18 | 0 |
| Italy | 4.4 | 10 | 0 |
| China | 2.1 | 24 | 38 |
19 domains had no protections.
Average Score: 4.57 (both sectors)
Rank: 2/13
17 out of the 490 domains we scanned for insurance firms and 16 out of the 496 domains we scanned for finance companies had zero protections in place (3% each).
Please note: some of the finance companies may also offer insurance packages, but these are included alongside financing/banking options.
Insurance:
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 94.3 | Has | 89.4 | Has | 60.4 | Has | 4.5 |
| Hard fail | 55.9 | Rejects | 39.0 | Enforcing | 2.4 | ||
| Soft fail | 35.5 | Quarantines | 26.5 | Testing | 1.8 | ||
| Reporting | 79.4 |
Four insurance companies had perfect scores, including Beneva of Canada, WCF Insurance, Pinnacol Assurance, and FFVA Mutual of the US.
Finance:
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 94.8 | Has | 86.1 | Has | 44.8 | Has | 1.8 |
| Hard fail | 69.8 | Rejects | 55.8 | Enforcing | 1.2 | ||
| Soft fail | 22.8 | Quarantines | 17.1 | Testing | 0.6 | ||
| Reporting | 82.5 |
Five finance companies also had perfect scores but, in this case, none of these were in the US. Rather, these were Nykredit in Denmark, Bank Muscat in Oman, Berner Kantonalbank in Switzerland, Commerzbank in Germany, and Belfius in Belgium.
Canada had the highest overall score (5.5), while Japan had the lowest (3.2)
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| Canada | 5.5 | 17 | 0 |
| Denmark | 5.2 | 13 | 0 |
| Netherlands | 5.1 | 16 | 6 |
| Australia | 4.8 | 23 | 0 |
| United Kingdom | 4.8 | 18 | 0 |
| United States | 4.7 | 204 | 3 |
| Spain | 4.2 | 13 | 0 |
| France | 4.2 | 39 | 13 |
| Germany | 4.1 | 36 | 3 |
| Austria | 3.3 | 10 | 20 |
| Japan | 3.2 | 22 | 0 |
Of the domains with zero protections, most of these were in the US (6) and France (5).
Brazil had the highest overall score (5.7), while China had the lowest (2.2).
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| Brazil | 5.7 | 10 | 0 |
| United Arab Emirates | 5.5 | 11 | 0 |
| Philippines | 5.4 | 11 | 0 |
| United Kingdom | 5.2 | 18 | 0 |
| United States | 5.1 | 69 | 0 |
| Italy | 5.0 | 15 | 0 |
| Saudi Arabia | 4.7 | 10 | 0 |
| India | 4.6 | 19 | 5 |
| Germany | 4.6 | 12 | 0 |
| Switzerland | 4.3 | 14 | 0 |
| Japan | 4.1 | 27 | 7 |
| Vietnam | 4.0 | 13 | 0 |
| Taiwan | 3.3 | 17 | 6 |
| China | 2.2 | 53 | 13 |
Most of the domains without any protections were in China (7).
Average score: 3.86
Rank: 11/13
21 out of the 212 domains we scanned had zero protections in place (10%).
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 89.6 | Has | 74.1 | Has | 56.6 | Has | 3.8 |
| Hard fail | 50.0 | Rejects | 18.4 | Enforcing | 1.4 | ||
| Soft fail | 36.3 | Quarantines | 22.2 | Testing | 2.4 | ||
| Reporting | 61.3 | ||||||
None of the non-profit domains we analyzed scored 8 out of 8 but two scored 7.5. These were the Center for International Climate Research (CICERO) in Norway and the LSU AgCenter in the US. CICERO has DMARC in quarantine mode, while LSU AgCenter has MTA-STS in testing mode.
The US had the highest average score with 4.6, while China had the lowest with 1.6
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| United States | 4.6 | 45 | 7 |
| Spain | 3.8 | 16 | 6 |
| Portugal | 3.8 | 12 | 17 |
| Germany | 2.8 | 13 | 0 |
| China | 1.6 | 19 | 32 |
Among those domains with zero protections was a non-profit research company headquartered in Portugal.
Average score: 4.19
Rank: 9/13
39 out of the 460 domains we scanned had zero protections in place (8%).
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 90.0 | Has | 79.1 | Has | 54.6 | Has | 3.0 |
| Hard fail | 52.8 | Rejects | 33.3 | Enforcing | 1.5 | ||
| Soft fail | 35.4 | Quarantines | 25.0 | Testing | 1.1 | ||
| Reporting | 73.9 |
Three manufacturers’ domains scored full points. These were Wärtsilä and Valmet in Finland and the LISI Group in France.
Switzerland comes out on top with an average score of 5.6 and is closely followed by Sweden with 5.4. South Korea features at the bottom with an average score of 2.1, while China has the highest percentage of domains with zero protection (20%).
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| Switzerland | 5.6 | 17 | 0 |
| Sweden | 5.4 | 10 | 0 |
| Canada | 5.2 | 11 | 0 |
| Italy | 5.1 | 12 | 0 |
| France | 4.9 | 13 | 8 |
| United States | 4.8 | 102 | 4 |
| Germany | 4.4 | 24 | 8 |
| India | 4.0 | 37 | 8 |
| Japan | 3.4 | 103 | 12 |
| China | 3.0 | 54 | 20 |
| South Korea | 2.1 | 11 | 18 |
Included within the domains with zero protection were a global manufacturer with a head office in Japan and an Indian-based manufacturer with a global turnover of over $27 billion USD.
Average score: 4.29
Rank: 6/13
18 out of the 369 domains belonging to airlines that we scanned had zero protections in place (5%).
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 93.5 | Has | 81.8 | Has | 66.7 | Has | 1.9 |
| Hard fail | 54.5 | Rejects | 27.1 | Enforcing | 0.3 | ||
| Soft fail | 37.4 | Quarantines | 26.3 | Testing | 1.1 | ||
| Reporting | 71.0 |
Just one airline secured the full 8 points – HK Express in Hong Kong. One more (JetSMART in Chile) scored 7.5, dropping half a point for its MTA-STS being in testing mode.
Spain had the highest average score with 5.2 and China the lowest with 2.4. 21 percent of the domains in China also had zero protections.
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| Spain | 5.2 | 10 | 0 |
| United States | 5.1 | 34 | 0 |
| Canada | 4.9 | 16 | 0 |
| Russia | 4.2 | 11 | 9 |
| South Korea | 3.6 | 10 | 0 |
| China | 2.4 | 24 | 21 |
Average score: 4.52
Rank: 4/13
30 out of the 486 domains belonging to energy companies that we scanned had zero protections in place (6%).
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 92.4 | Has | 85.6 | Has | 62.6 | Has | 3.1 |
| Hard fail | 60.5 | Rejects | 41.8 | Enforcing | 1.2 | ||
| Soft fail | 29.0 | Quarantines | 25.7 | Testing | 1.4 | ||
| Reporting | 76.5 |
Equinor in Norway and OQ Gas Networks (OQGN) in Oman were the only two domains to score 8 points. Four further companies scored 7.5, including two in Canada, one in Finland, and one in the UK.
Norway’s energy company domains scored an average of 5.9, closely followed by the UK and Italy with 5.5. China scored 1.8 and had the highest number of domains with zero protections (27%), followed by India (17%)
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| Norway | 5.9 | 10 | 0 |
| United Kingdom | 5.5 | 15 | 0 |
| Italy | 5.5 | 12 | 0 |
| Brazil | 5.3 | 10 | 0 |
| Germany | 5.0 | 12 | 0 |
| Australia | 5.0 | 14 | 0 |
| Spain | 5.0 | 11 | 0 |
| Canada | 4.7 | 51 | 4 |
| United States | 4.7 | 161 | 6 |
| India | 3.9 | 29 | 17 |
| Thailand | 3.9 | 12 | 0 |
| China | 1.8 | 11 | 27 |
Average score: 4.26
Rank: 7/13
40 out of the 493 domains belonging to retailers that we scanned had zero protections in place (8%).
| SPF | % | DMARC | % | DKIM | % | MTA-STS | % |
|---|---|---|---|---|---|---|---|
| Has | 90.3 | Has | 82.4 | Has | 55.8 | Has | 3.0 |
| Hard fail | 49.3 | Rejects | 39.8 | Enforcing | 1.2 | ||
| Soft fail | 38.7 | Quarantines | 17.2 | Testing | 1.2 | ||
| Reporting | 75.9 |
Three retailers scored full points – Fielmann in Germany, ThredUp in the US, and National Vision, also in the US.
France (5.2) and Germany (5.1) had the highest average scores among retailers, while Japan and China had the lowest with 2.6 each. Japan also has the highest number of domains with zero protection.
Key country highlights:
| Country | Average score | # of entities | Zero protection (%) |
|---|---|---|---|
| France | 5.2 | 21 | 0 |
| Germany | 5.1 | 25 | 4 |
| Australia | 4.9 | 20 | 5 |
| Sweden | 4.8 | 10 | 0 |
| United States | 4.8 | 142 | 2 |
| Canada | 4.5 | 13 | 8 |
| Saudi Arabia | 4.0 | 10 | 20 |
| United Kingdom | 3.8 | 40 | 18 |
| India | 3.8 | 13 | 8 |
| China | 2.6 | 16 | 6 |
| Japan | 2.6 | 42 | 26 |
Domains with zero protections included a Japanese online shoe shop and a UK high-street retailer.
Our report highlights how each and every industry and country has room for improvement when it comes to email security. This is even the case within sectors and/or countries where email security is regulated to some degree.
For example, Europe’s GDPR doesn’t explicitly state that these protocols should be in place, but it does state that organizations must implement strict standards to help safeguard data. This perhaps explains why the likes of the Netherlands, Denmark, and Norway appear at the top of our rankings. But this doesn’t extend across all EU-regulated countries, with France, Germany, and Spain scoring far lower.
Equally, certain sectors within specific countries face heavier regulation. For example, in the US, the Department of Homeland Security (DHS) mandates that DMARC should be in use on all government agency email domains. And, in the UK, the Government Digital Service (GDS) requires DMARC across governmental domains, and with p=reject (hard fail)
If we look at our findings, 12 government entities in the US and three UK government agencies don’t employ DMARC (some of these are mentioned above).
As spam email campaigns continue to involve and utilize the likes of Google and the New York Times to induce a sense of trust, meeting basic email security standards has never been more crucial. Increased regulation may help spur organizations into action, but companies shouldn’t be waiting around to be told to safeguard their domains, particularly with what many would call standard protocols.
The list of companies (and their subsequent domains) were derived from industry lists of key/top companies within each sector. For example, the ICMF’s list of the world’s largest mutual and cooperative insurers was used for the insurance sector.
Any domains that weren’t available, e.g. those presenting a 404 error, were removed.
A full list of sources is detailed below.
We then resolved live DNS records for each domain. We queried TXT records at the apex for any SPF record, the qualifier on the trailing -all/~all/?all/+all mechanism, and the policy on any DMARC record at _dmarc.<domain>. We additionally tested for an MTA-STS policy files and DKIM records.
Each domain was scored on an 8-point scale (SPF presence, SPF strict-fail qualifier, DMARC presence, DMARC enforcement, DMARC reporting destination, DKIM presence, MTA-STS publication, MTA-STS enforce mode).
This audit checks the public, observable email-authentication posture of each domain at its apex. It does not assess subdomain posture (many large organizations enforce DMARC on a customer-facing subdomain while running monitor mode on the apex), internal mail-server configuration, anti-phishing tooling deployed by the organization’s mail provider, customer-side filtering, or human-targeted brand-protection programs.
https://www.icmif.org/wp-content/uploads/2024/05/ICMIF-Global-500-2024.pdf
https://companiesmarketcap.com
https://brandirectory.com/reports/banking
https://disfold.com/sector/healthcare/companies/
https://www.scimagoir.com/rankings.php
Data researcher: Mantas Sasnauskas
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。