Domain.Posture

Universities

Email security of 18 universities

Sprawling, decentralised IT and a domain every student trusts — universities are a spoofing target with an unusually hard email-auth problem.

Across these 18 domains, 100% publish SPF, 100% publish DMARC and 66.7% enforce it (reject or quarantine), 33.3% sit on p=none, and 77.8% sign with DKIM. Scanned June 24, 2026.

Every domain in this cohort

DomainSPFDMARCDKIMMTA-STSTLS-RPT
berkeley.eduSoftfailRejectYesNoNo
cam.ac.ukHardfailRejectYesNoYes
epfl.chPresentQuarantineYesNoNo
harvard.eduSoftfailQuarantineYesNoNo
iisc.ac.inHardfailQuarantineYesNoNo
iitb.ac.inHardfailRejectNoNoNo
ox.ac.ukPresentQuarantineYesNoYes
princeton.eduSoftfailRejectYesNoNo
stanford.eduNeutralQuarantineYesNoNo
tsinghua.edu.cnPresentQuarantineNoNoNo
u-tokyo.ac.jpHardfailRejectNoNoNo
yale.eduSoftfailQuarantineYesNoNo
caltech.eduNeutralNone (monitor)YesNoNo
cmu.eduSoftfailNone (monitor)NoNoNo
ethz.chHardfailNone (monitor)YesNoNo
imperial.ac.ukSoftfailNone (monitor)YesNoNo
mit.eduHardfailNone (monitor)YesNoNo
nus.edu.sgHardfailNone (monitor)YesNoNo

Where does your domain stand?

Run the same 15 checks on your own domain — free, no signup. If you need the result as evidence, the signed Domain Audit Report turns it into a dated artifact your auditor can verify.