Defaults.Exposed › About Defaults.Exposed
About Defaults.Exposed
Who we are
Defaults.Exposed is an independent domain-security service. We measure how well the world’s websites and email are protected, explain what that means for ordinary businesses in plain language, and help any business owner check and fix their own domain — for free.
We’re not a security vendor selling fear. We exist because of one stubborn fact in the data: the basic protections that stop your email being forged and your customers being misled are, for the overwhelming majority of domains, simply switched off — and most owners have never been told.
The legal entity behind the service is Defaults Exposed FZ-LLC. Our data is stored and processed within the EU.
Why we exist — the mission
Our mission is simple: make domain security visible and fixable for every business.
Domain security has stayed invisible for years for two reasons. First, it’s hidden in technical settings most owners never see and were never expected to understand. Second, the people who do understand it have mostly talked to each other in jargon, not to the business owner whose livelihood actually depends on it.
We’re trying to change both. We turn the invisible into something you can see at a glance, and we turn “you have a problem” into a short, clear set of steps that are free to follow.
The data: we measured the whole internet from the outside
To understand the real state of things, we didn’t survey or guess — we measured. We’ve independently graded around 262 million live domains so far, on the way to a full census of roughly 333 million, each one checked against 34 security tests covering email authentication, encryption (TLS and certificates), web-security settings, and the domain’s own DNS.
Three things make this trustworthy:
- From the outside. Every check is something anyone on the internet can observe — exactly what a customer’s mail server or a criminal would see. We never need access to anyone’s systems, accounts, or data to grade a domain.
- Independent. We’re not grading our own customers or marking our own homework. We measure the same way for everyone, with no relationship to the domains we look at.
- EU-based. The data is stored and processed within the EU.
The picture that emerged is blunt: 86.3% of graded domains score an F, the lowest grade, and fewer than 0.02% earn an A. This isn’t a few neglected sites — it’s the default state of the internet. That default is what our name is about.
Why this matters to a normal business
If you run a business, a poorly protected domain isn’t an abstract technical score. It shows up in everyday, costly ways:
- Your email can be forged. Without the right settings, a criminal can send email that looks exactly like it came from you — to your customers, your staff, your suppliers — and it lands in the inbox looking genuine. That’s how fake-invoice and “urgent payment” scams work.
- You lose trust. When your domain gets used to trick people, or your site shows visitors a “Not secure” warning, the damage lands on your name — even when the genuine fault was a setting nobody switched on.
- Deals quietly fall through. Bigger customers often run a quick check on your domain before they sign. “This domain can be spoofed” is enough to lose the contract — and your own real quotes and invoices are more likely to be junked as spam, so business goes cold without you ever knowing why.
The encouraging part — and the reason we built this — is that most of these problems are free and quick to fix. The barrier was almost never money. It was that nobody told the owner it mattered, or how.
Who it helps
- Business owners who want a plain-English answer to “is my domain safe, and if not, what do I do?” — without needing to understand a single technical term.
- The people who manage it for them — an in-house IT person, a web developer, or an outside agency — who get a clear, specific checklist of exactly what to change, which saves everyone time.
You don’t need to be technical to use Defaults.Exposed. If you are technical, you’ll find the detail you need without the noise.
Our promise: aggregate in public, your grade only to you
This is the line we will not cross. The figures we publish are always aggregate patterns — how whole countries, industries, and the internet as a whole are doing. We never publish an individual domain’s grade.
The only person who can see a specific domain’s grade is its verified owner — and to prove you’re the owner, you enter a one-time code we email to an address at that domain. No one can look up your business, your competitor, or anyone else. Your result is yours alone.
And to be completely clear: the fixes are always free. We only ever charge to keep watch over time and tell you if something slips — never to tell you what’s wrong or how to put it right.
See where your own domain stands
The headline numbers are averages. Your domain might be one of the rare few that earn an A — or one of the many that don’t. You can check it privately and for free, see exactly which of the 34 checks you pass, and get plain-English steps to fix the ones you don’t.