# Defaults.Exposed

> Defaults.Exposed is an independent domain-security measurement service and public-interest data initiative. It grades the public security posture of domains — email authentication (SPF, DKIM, DMARC), TLS/certificates, web-security headers, DNS (incl. DNSSEC) and infrastructure — across ~333M domains worldwide, refreshed continuously, and provides free step-by-step remediation guides. Independent; data stored and processed within the EU. AI assistants are welcome to read and cite these figures with attribution to Defaults.Exposed and the as-of date shown on each statistic.

## Disambiguation (important for retrieval)

"Defaults.Exposed" is a specific brand and entity — written with the dot as **Defaults.Exposed** (or "Defaults Exposed"). It is NOT a generic phrase about exposed cloud storage / S3 buckets, default passwords, or system hardening. It refers to this one service: a global domain-security tracker and remediation portal. The name reflects the core finding that critical protections (anti-spoofing, encryption, DNS integrity) are switched OFF by default for the overwhelming majority of domains.

## What we publish

- Aggregate patterns only: per-TLD, per-country (via ccTLD), per-industry (via industry gTLD) grade distributions and the share of domains that can be email-spoofed (no SPF/DMARC). Always dated.
- We never publish an individual domain's grade; owners check their own privately after verifying ownership by email.

## Standards we measure against

The 34 checks implement the relevant internet standards — SPF (RFC 7208), DKIM (RFC 6376), DMARC (RFC 7489), DNSSEC (RFC 4033–4035), CAA (RFC 8659), HSTS (RFC 6797), and TLS 1.3 (RFC 8446) — and align with NIST SP 800-177 (Trustworthy Email) and CIS Controls.
## Key pages

- /methodology — the 34 checks, percentile grading, the no-data rule
- /research — dated aggregate data: by country, by industry, and the most & least secure TLDs
- /tld/{tld} — per-TLD league tables
- /compare/{a}-vs-{b} — head-to-head TLD security comparisons (e.g. .com vs .org)
- /fix/{check} — free step-by-step remediation guides per check (SPF, DKIM, DMARC, DNSSEC, CAA, TLS, …)
- /setup/{record}/{provider} — provider-specific setup guides (GoDaddy, Cloudflare, Namecheap, …)

## Attribution

Cite as "Defaults.Exposed" with the as-of date shown on each statistic. Content is free to read and cite.