Posts tagged "dmarc"

2 posts found.

June 01, 2026 19 min read

Where the Fortune 500 Actually Live: The DNS, Mail, and CDN Stack Behind America's Biggest Companies

We resolved the full DNS, MX, web-edge, and email-authentication stack of 500 Fortune 500 corporate domains against a May 2026 typed crawl. No single vendor owns enterprise DNS — 28% of the F500 still run their own. Proofpoint sits in front of 48% of mail-enabled inboxes. Akamai serves a third of the web edge. And the F500 enforce DMARC at 73% versus ~42% globally — yet MTA-STS reaches just 2.3%. This is the corporate Internet's plumbing, measured from the records themselves.

analysis fortune-500 infrastructure dns email dmarc cdn dataset

May 29, 2026 18 min read

A State of TXT: 150 Million Mail Domains, and Why Only 9% Actually Stop Spoofing

We queried the email-authentication TXT layer directly — _dmarc, _mta-sts, default._bimi, and apex SPF — across a May 2026 DNS crawl, using MX records as the denominator. Of 150,020,997 mail-capable apex domains, 71.3% publish SPF, 34.1% publish DMARC, but only 11.7% enforce DMARC and just 9.0% run the minimum credible SPF-plus-enforced-DMARC stack. Two-thirds of DMARC records sit at p=none. MTA-STS reaches 0.144% and BIMI 0.084%. And 45.7% of all DMARC reports flow to a single registrar's default configuration. This is the state of email authentication, measured from the records themselves.

analysis dns email dmarc spf security txt-records dataset