Email security

SPF (Sender Policy Framework) is an email authentication standard that helps protect senders and recipients from spam, spoofing, and phishing. By adding an SPF record to your Domain Name System (DNS), you can provide a public list of senders that are approved to send email from your domain

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that prevents spammers from using your domain to send email without your permission — also known as spoofing. Spammers can forge the “From” address on messages so the spam appears to come from a user in your domain

To prevent threats to your domain like cache poison attacks and DNS spoofing, set up DNS Security Extensions (DNSSEC).

Even if the domain name isn’t used for sending mail, it’s important to implement these standards, so the domain name can’t be abused.

Score

We assess registrars on the presence and correctness of SPF and DMARC for each domain name. SPF is evaluated on the presence of ‘-all’ or ‘~all’. DMARC is evaluated on the presence of ‘p=quarantine’ or ‘p=reject’.

How can you improve your score

Implement SPF and DMARC for the domain names.

DNSSEC domains with SPF and DMARC

Percentage of domain names with all security standards implemented (DNSSEC, SPF and DMARC). At this time, we don’t count DNSSEC for your overall score.

Domains with SPF

Percentage of domain names with a SPF record.

Domains with DMARC

Percentage of domain names with a DMARC record.