Rankings
Who actually authenticates their email?
We scanned the inbound email authentication of 994 well-known domains and grouped the notable ones into cohorts. Each ranking lists every member domain and links to its full dossier. Scanned June 24, 2026.
Across all 994 domains
- have SPF
- 89.8%
- publish DMARC
- 83.4%
- enforce DMARC
- 69.1%
- sit on p=none
- 14.3%
- run MTA-STS
- 4%
- run TLS-RPT
- 5.8%
Methodology and the full write-up live in The State of Email Authentication 2026; every check is defined in methodology v1.
Cohorts
Email security of 67 banks & fintechsThe domains that move money have the most to lose from a spoofed email — here is how their inbound email authentication actually holds up.View the ranking →Email security of 65 news organizationsNewsrooms are prime impersonation targets. This is where the world's mastheads sit on SPF, DMARC, and DKIM.View the ranking →Email security of 18 AI companiesThe labs shipping frontier models, graded on the unglamorous email-security basics.View the ranking →Email security of 24 Big Tech domainsThe platforms everyone else defers to on security — measured against the same email-authentication checklist.View the ranking →