Email security (from Q1/2024)[Link]

SPF (Sender Policy Framework) is an email authentication standard that helps protect senders and recipients from spam, spoofing, and phishing. By adding an SPF record to your Domain Name System (DNS), you can provide a public list of senders that are approved to send email from your domain

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that prevents spammers from using your domain to send email without your permission — also known as spoofing. Spammers can forge the “From” address on messages so the spam appears to come from a user in your domain

To prevent threats to your domain like cache poison attacks and DNS spoofing, set up DNS Security Extensions (DNSSEC).

Even if the domain name isn’t used for sending mail, it’s important to implement these standards, so the domain name can’t be abused.


We assess registrars on the presence and correctness of SPF and DMARC for each domain name. SPF is evaluated on the presence of ‘-all’ or ‘~all’. DMARC is evaluated on the presence of ‘p=quarantine’ or ‘p=reject’.

How can you improve your score[Link]

Implement SPF and DMARC for the domain names.

DNSSEC domains with SPF and DMARC[Link]

Percentage of domain names with all security standards implemented (DNSSEC, SPF and DMARC). At this time, we don’t count DNSSEC for your overall score.

Domains with SPF[Link]

Percentage of domain names with a SPF record.

Domains with DMARC[Link]

Percentage of domain names with a DMARC record.