dnstats.io

Data for this report was collected on May 16, 2021, and covers the top 1,000,000 sites as defined by Tranco.

SPF

Sender Policy Framework (SPF), defined in RFC 7208, is a protocol to help prevent email spoofing. SPF works by authorizing hosts to send email on behalf of a domain; receivers of email then check whether the sending host is authorized. SPF checks the HELO and/or the MAIL FROM identity during the SMTP connection.

These charts include all sites, even those without MX records. This is done because any domain can be used in phishing campaigns, even if it does not have MX, A, or other public DNS records.

SPF Adoption


SPF Policy


DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is defined in RFC 7489 and is a protocol used to help domain owners protect their domain and to provide data to the domain owner on how the domain has been used for sending. DMARC works with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate mail messages. DMARC matches on the From field of the mail message as defined in RFC 5322.
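
The SPF and DMARC policy charts group each domain by what its published record asks receivers to do. The following is an added example, not dnstats.io's own code: it reads the SPF `all` qualifier (RFC 7208) and the DMARC `p`/`sp` tags (RFC 7489) from TXT record text; the function names, the "no-all" label and the sample records are constructed for illustration.

```python
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DMARC_POLICIES = {"none", "quarantine", "reject"}


def spf_policy(txt):
    """Return the result the record gives hosts matched only by `all`."""
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return None  # not an SPF record
    for term in terms[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier, name = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if name.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
    return "no-all"  # label used here for records without `all`, e.g. redirect=


def dmarc_policies(txt):
    """Return (domain policy, subdomain policy), or None if DMARC does not apply."""
    tags = []
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags.append((key.strip().lower(), value.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        return None  # v=DMARC1 must be the first tag
    values = dict(tags)
    policy = values.get("p", "").lower()
    sub = values.get("sp", policy).lower()  # sp defaults to p when absent
    if policy not in DMARC_POLICIES or sub not in DMARC_POLICIES:
        # RFC 7489 policy discovery: a record with a bad p or sp is treated as
        # p=none only if it requests aggregate reports (URI syntax not checked here).
        return ("none", "none") if values.get("rua") else None
    return policy, sub


if __name__ == "__main__":
    # Constructed sample records for reserved example domains.
    for record in ("v=spf1 include:_spf.example.net -all", "v=spf1 mx ~all"):
        print(record, "->", spf_policy(record))
    for record in ("v=DMARC1; p=none; sp=quarantine", "v=DMARC1; p=rejct"):
        print(record, "->", dmarc_policies(record))
```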

DMARC Adoption


DMARC Policy


Subdomain DMARC Policy adoption


Subdomain DMARC Policy


CAA

DNS Certification Authority Authorization (CAA) Resource Records are defined in RFC 8659 and allow a domain owner to specify which certificate authorities can issue certificates for a domain. The goal of CAA is to reduce the number of mis-issued certificates. CAA also provides a mechanism for CAs to report attempted mis-issuance of certificates.

CAA Adoption


CAA Reporting


CAA Issue Count


CAA Wildcard Issue Count


Others

Has MX Records

This report shows the percentage of scanned domains that have mail exchanger (MX) records. Having an MX record means that domain is being used for email.

DNSSEC Adoption

Domain Name System Security Extensions (DNSSEC), as defined in RFC 4033, RFC 4034, and RFC 4036, adds a chain of trust from the root zone to the requested zone. For more information see this blog post from Cloudflare.

Provider Stats

Using a set of regular expressions, we determine the DNS and email providers. This isn't perfect, but it gets the job done. If you want to help improve this, please open a merge request on GitLab.

Email Providers


DNS Providers


Grading

Combined Grade


CAA Grade


DMARC Grade


SPF Grade



This work is licensed under a Creative Commons Attribution 4.0 International License.

Created by Matthew Burket.

This project is open source (GPLv2)! See the Source Code