Data for this report was collected on May 18, 2021 and it contains data for the top 1,000,000 sites as defined by Tranco.
Sender Policy Framework (SPF) defined in RFC 7208 is protocol to help prevent email spoofing. SPF works by authorizing hosts to send email on behalf of domains and receivers of email check if the sending host is authorized. SPF checks the HELO and/or the MAIL FROM during the SMTP connection.
These charts includes all sites, even those without MX records. This done since all domains can be used in phishing campaigns, even if they do not have MX, A, other public DNS records.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is defined in RFC 7489 and is a protocol used to help domain owner's protect their domain and provide data to the domain owner on the domain has been used for sending. DMARC works with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate mail messages. DMARC matches on the From field on the mail message as defined in RFC 5322.
DNS Certification Authority Authorization (CAA) Resource Records are defined in RFC 8659 and allow a domain owner to specify which certificate authorities can issue certificates for a domain. The goal of CAA is to reduce the number of mis-issued certificates. CAA also provides mechanism for CAs to report attempted mis-issuance of certificates.
Using a set of regex we determine the DNS and Email providers. This isn't perfect but gets the job done. If you want to help improve this please open a merge request on GitLab.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Created by Matthew Burket.
This project is open source (GPLv2)! See the Source Code