We measured the internet's domain security. Most of it is exposed by default.
A large share of domains publish no SPF and no DMARC at all — meaning anyone can forge email that looks like it came from them. We've already graded 262 million+ live domains across 1385 TLDs, each across 34 checks, refreshed continuously.
Independent · 262M+ domains graded · 34 checks · data processed in the EU · aggregate-only (we never publish your grade)
Why your domain's grade matters
Your domain isn't just your website address — it's how customers tell a real email from a fake one, and how their browser decides your site is safe. When it's weak:
- Your email can be forged — criminals send fake invoices "from you" to your own customers.
- Your real email lands in spam — quotes and invoices quietly go unseen, and deals stall.
- You fail other people's security checks — and lose the contract to a competitor who passed.
The good news: almost every problem we find is free and quick to fix. We tell you exactly what's wrong and how to fix it — for free.
Browse the data
- The most & least secure TLDs — every TLD's league table
- Compare TLD security (.com vs .org, .io vs .ai…)
- The State of Domain Security 2026 — our full report from the census
- How to stop your email being spoofed (DMARC), SPF, DKIM — free guides
- FAQ · About
We publish aggregate patterns only. An individual domain’s grade is shown only to its verified owner — never publicly.