Dr.Who

How the top AI companies authenticate their email

· dmarc · spf · email · email-security · ai · research

On June 24, 2026, we ran live DNS scans on 18 of the world's largest AI companies. What we found: a generation of security-conscious startups and labs that have collectively achieved 100% adoption of the three core email authentication standards—SPF, DMARC, and DKIM. This is a remarkable consensus, and it reflects an industry that took email security seriously from day one.

But the story doesn't end at 100% deployment. When you look at how these companies configured DMARC—the strongest standard—you see a different picture: caution. Most chose p=quarantine over p=reject, a choice that suggests a young industry still mapping its legitimate senders and learning the cost of email misconfiguration.

What we measured

On June 24, 2026, we scanned 18 AI companies for email authentication records using Domain Posture's DNS-over-HTTPS checks (the same dossier scanner that runs on domainposture.com). Each company has a live MX record, meaning its domain accepts inbound mail.

Method: DNS queries for SPF, DMARC, DKIM (at common selector names), MTA-STS, and TLS-RPT records.

Cohort: 18 AI labs and model/inference companies—Anthropic, OpenAI, Mistral, Cohere, Perplexity, Character AI, Midjourney, Stability AI, HuggingFace, Runway ML, ElevenLabs, Groq, Together AI, Fireworks AI, DeepInfra, Modal, Poe, and Replicate.

Caveat: This is a point-in-time snapshot. Email records change. Treat these numbers as a window into the AI industry's security posture in mid-2026, not a permanent ranking.
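To make the method concrete, here is an added example (our own illustration, not Domain Posture's scanner code) that classifies SPF and DMARC TXT records the way the metrics in this post are tallied: the qualifier on SPF's `all` mechanism (hardfail vs. softfail), the DMARC `p=` policy, and whether `rua=` reporting is configured. The domain names and records are constructed; DKIM selector probing needs live DNS and is left out.

```python
import re
from collections import Counter

# Constructed sample records for illustration only; domain -> (SPF TXT, DMARC TXT). Not scan data.
SAMPLE_RECORDS = {
    "lab-a.example": ("v=spf1 include:_spf.google.com -all", "v=DMARC1; p=reject; rua=mailto:d@lab-a.example"),
    "lab-b.example": ("v=spf1 include:sendgrid.net ~all", "v=DMARC1; p=quarantine; pct=100; rua=mailto:r@lab-b.example"),
    "lab-c.example": ("v=spf1 a mx ~all", "v=DMARC1; p=none; rua=mailto:r@lab-c.example"),
    "lab-d.example": ("v=spf1 include:_spf.google.com ~all", "v=DMARC1; p=quarantine"),
}

def spf_all_mechanism(spf):
    """Qualifier on the 'all' term: '-' hardfail, '~' softfail, '?' neutral, '+' pass; None if absent."""
    if not spf or not spf.lower().startswith("v=spf1"):
        return None
    for term in spf.split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"   # a bare 'all' means '+all'
    return None

def parse_dmarc(dmarc):
    """Split a DMARC record into lower-cased tag -> value; None unless it is v=DMARC1."""
    tags = {}
    for part in (dmarc or "").split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None

def summarize(records):
    """Tally the posture metrics reported in the post (raw counts over the cohort)."""
    c = Counter()
    for spf, dmarc in records.values():
        if spf and spf.lower().startswith("v=spf1"):
            c["spf_present"] += 1
            q = spf_all_mechanism(spf)
            c["spf_hardfail" if q == "-" else "spf_softfail" if q == "~" else "spf_other"] += 1
        tags = parse_dmarc(dmarc)
        if tags:
            c["dmarc_present"] += 1
            policy = tags.get("p", "none").lower()        # p= is mandatory; default defensively
            c["dmarc_" + policy] += 1
            c["dmarc_rua"] += int("rua" in tags)          # rua= means aggregate reports are collected
            c["dmarc_enforced"] += int(policy in ("reject", "quarantine"))
    return dict(c)
```

Running `summarize(SAMPLE_RECORDS)` on the constructed set yields 1 hardfail and 3 softfail SPF records, and 1 reject, 2 quarantine and 1 none DMARC policies, with 3 of 4 records reporting via `rua=`.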

A clean sweep on the basics

All 18 companies publish SPF, DMARC, and DKIM. All 18 have MX records and receive mail.

| Metric | Count | Percent |
|--------|-------|---------|
| SPF present | 18 | 100% |
| SPF with hardfail (-all) | 4 | 22.2% |
| SPF with softfail (~all) | 14 | 77.8% |
| DMARC present | 18 | 100% |
| DMARC with rua reporting | 18 | 100% |
| DKIM detectable | 18 | 100% |
| Full enforced stack (p=reject or p=quarantine) | 16 | 88.9% |

The most striking result: DKIM detection at 100%. In most cohorts we've tested—financial services, government, retail—DKIM detection hovers around 60–80%, partly because selector names vary, partly because not all organizations publish it. Here, every single company we queried had a detectable DKIM public key at common selector names. This suggests industry standardization: these companies either use the same email platforms (many likely use Google Workspace or SendGrid) or they've independently converged on the same selector names.

SPF, too, is universal. But the split between hardfail and softfail is telling: only 4 out of 18 (22%) use the strict -all tag. The rest use ~all (softfail), which means "I'm not 100% sure of my senders yet." That's a cautious posture, and it works well enough—a softfail still lets receivers flag obvious spoofs, and DMARC treats it as an SPF failure—but it signals that these companies are still discovering new senders or integrating new platforms.

But cautious on enforcement

Where the story gets interesting is DMARC policy. All 18 companies publish DMARC, but they split into three camps:

  • p=reject (strongest): 5 companies (27.8%) — Anthropic, OpenAI, Character AI, Groq, Modal.
  • p=quarantine (medium): 11 companies (61.1%) — Mistral, Cohere, Perplexity, Midjourney, Runway ML, ElevenLabs, Together AI, Fireworks AI, DeepInfra, Poe, Replicate.
  • p=none (monitor-only): 2 companies (11.1%) — HuggingFace, Stability AI.

The p=quarantine dominance is the headline here. Quarantine sends unauthenticated mail to the spam folder instead of bouncing it. It's a gentler enforcement—and for a young company scaling fast, that's pragmatic. You may have just acquired a platform, or a new SaaS tool is sending mail on your behalf, or a sales team is working from a third-party domain. Reject would bounce all of it and anger users; quarantine gives you time to audit and add the sender to your SPF record.

But quarantine is also weaker. A spoofed email from a company's domain will land in spam instead of being rejected outright. For a security-forward company that has mapped its senders, moving to reject is the next logical step.

The outliers: HuggingFace and Stability AI publish p=none, which means "I'll track alignment failures but I won't enforce." Mail fails DMARC checks and lands normally—still spoofable. Both are mature, well-funded organizations; the p=none choice suggests either a very broad sender landscape or a deliberate decision to stay out of enforcement while they complete the audit.

For more on the mechanics here, see our guide: DMARC Policy: None vs. Quarantine vs. Reject.

No transport security yet

One last metric: MTA-STS (Message Transfer Agent Strict Transport Security) and TLS-RPT (TLS Reporting).

  • MTA-STS published: 0 out of 18 (0%)
  • TLS-RPT published: 0 out of 18 (0%)

This is the easiest miss in the cohort. MTA-STS is a DNS record plus a small policy file served over HTTPS that tells other mail servers "always encrypt the connection to us—no exceptions." It takes an hour to set up and closes the last major gap in email transport: the fallback to unencrypted delivery when TLS is merely opportunistic. None of the 18 have deployed it yet.

This isn't a security scandal—most organizations haven't deployed MTA-STS, and the AI cohort is in good company. But it's an easy win. For companies that are already publishing SPF, DMARC, and DKIM, adding MTA-STS is a natural next step. If you're building a security-forward brand, it's the kind of detail that matters.
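As an added illustration of what a correct MTA-STS deployment has to get right (our own example, not Domain Posture's checker), the following parses a constructed `_mta-sts` TXT record and policy file and reports anything that would stop the policy from enforcing TLS: a missing or malformed TXT record, a `mode` other than `enforce`, or an MX host not covered by an `mx:` line (including the one-label rule for `*.` wildcards). All hostnames and values are constructed.

```python
# Constructed MTA-STS artefacts for illustration; not from any domain in the scan.
STS_TXT = "v=STSv1; id=20260624T000000Z"          # published at _mta-sts.<domain> as a TXT record
POLICY_FILE = """version: STSv1
mode: enforce
mx: mx1.example.net
mx: *.mail.example.net
max_age: 604800
"""                                                # served at https://mta-sts.<domain>/.well-known/mta-sts.txt
MX_HOSTS = ["mx1.example.net", "mx2.mail.example.net"]  # what the domain's MX lookup returns (constructed)

def parse_sts_txt(txt):
    """Return the TXT record's tags, or None unless it is v=STSv1 and carries an id."""
    tags = dict(kv.strip().split("=", 1) for kv in txt.split(";") if "=" in kv)
    return tags if tags.get("v") == "STSv1" and tags.get("id") else None

def parse_policy(text):
    """Parse the RFC 8461 policy file: 'mx' may repeat, every other key appears once."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    return policy

def mx_matches(host, pattern):
    """RFC 8461 matching: a leading '*.' stands for exactly one label; otherwise exact match."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_mta_sts(txt, policy_text, mx_hosts):
    """Findings that would stop MTA-STS from enforcing TLS; an empty list means fully enforced."""
    findings = []
    if parse_sts_txt(txt) is None:
        findings.append("TXT record missing or not v=STSv1 with an id")
    policy = parse_policy(policy_text)
    if policy.get("version") != "STSv1":
        findings.append("policy version is not STSv1")
    mode = policy.get("mode", "none")
    if mode != "enforce":
        findings.append(f"mode is '{mode}', not 'enforce': violations are not blocked")
    for host in mx_hosts:
        if not any(mx_matches(host, p) for p in policy["mx"]):
            findings.append(f"MX {host} is not covered by any mx: line")
    return findings
```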

Read more: Do I Need MTA-STS?

The takeaway

The AI industry's email authentication posture is mature by the standard of most sectors. A 100% SPF + DMARC + DKIM footprint is rare. An 88.9% enforced policy (reject or quarantine combined) is strong.

But there's a natural next move for the 11 companies on p=quarantine: complete the sender audit and migrate to p=reject. And for all 18: publish MTA-STS. These moves are low-friction and turn a baseline authentication infrastructure into a locked-down supply chain.

For the two companies still on p=none (HuggingFace and Stability AI), the question is: why? If your sender inventory is that complex, even quarantine is better than none. If you're being cautious, that's reasonable—but at a certain scale, caution costs more than the risk it avoids.


Frequently asked questions

Do AI companies use email authentication?
Yes. All 18 we scanned (Anthropic, OpenAI, Mistral, and others) publish SPF, DMARC, and DKIM. This makes them the first cohort we've tested to hit 100% on all three.
What is the difference between p=quarantine and p=reject?
p=quarantine sends unauthenticated mail to spam; p=reject bounces it entirely. Reject is stronger, but quarantine is safer while you're confirming all your legitimate senders.
Why would a company choose quarantine over reject?
Quarantine lets you catch misconfigurations (forgotten sender, misconfigured service) before they break email delivery. Once sender inventory is complete, moving to reject is the next step.
Do OpenAI and Anthropic use DMARC?
Yes, both publish DMARC with p=reject—the strongest policy. So do Character AI, Groq, and Modal. Two outliers (HuggingFace and Stability AI) still use p=none, which only reports and allows spoofing.
What is MTA-STS, and do any AI companies use it?
MTA-STS (Message Transfer Agent Strict Transport Security) requires that the connection between a sending mail server and yours be encrypted with TLS, rather than leaving encryption optional. Despite its importance, zero companies in our cohort have published it yet.