
John Leslie

26 of 39 AI Companies Use SPF Softfail — Their Email Can Be Spoofed

I queried the DNS records for 39 AI companies — labs, safety orgs, tooling companies — and checked their SPF and DMARC email security policies. The results are worse than I expected.

The headline number

  • 26 of 39 use SPF ~all (softfail) — including Anthropic, Google, Apple, NVIDIA, and Hugging Face
  • 10 of 39 use SPF -all (hardfail) — OpenAI, Microsoft, Amazon, Palantir, x.ai
  • 3 of 39 have no SPF record at all — Meta, Tesla, Alignment Forum

Why softfail matters

SPF (Sender Policy Framework) is a DNS TXT record that tells receiving mail servers which IPs and sending services are authorized to send email on behalf of a domain. The all mechanism at the end of the record defines the result for a sender that matches nothing on the list:

  • -all (hardfail): the sender is not authorized; reject the message
  • ~all (softfail): the sender is probably not authorized; accept the message but treat it as suspect
  • ?all (neutral): the domain makes no assertion about the sender
  • +all (pass all): any host may send as the domain; accept everything

Most email servers treat softfail as "deliver normally, maybe add a spam score." Combined with weak DMARC policies, this means spoofed emails from most AI companies will land in inboxes.

The worst combinations

| Company | SPF includes | SPF policy | DMARC |
| --- | --- | --- | --- |
| Cohere | 6 (Google, Proofpoint, Outlook, Salesforce, Marketo, SES) | ~all | p=reject |
| Jasper | 7 (Google, HelpScout, SendGrid, Salesforce, Zendesk, HubSpot, Highspot) | -all | p=reject |
| Weaviate | 6 (SendGrid, 3 custom records, HubSpot, Google) | ~all | p=quarantine |
| Scale AI | 5 (Autopilot, Customer.io, SendGrid, Google, HubSpot) | ~all | p=reject |
| Tesla | 0 includes, 13 IP ranges | ?all (neutral) | p=quarantine |

Cohere stands out: 6 approved sending services with only softfail. That's a wide attack surface with weak enforcement.

DMARC makes it worse

DMARC tells receivers what to do when a message fails both SPF and DKIM, that is, when neither check produces a result aligned with the From domain. p=reject blocks spoofed messages. p=none lets them through and only asks for aggregate reports.

No DMARC at all:

  • Alignment Forum (also no SPF — zero email authentication)
  • Manifold Markets

DMARC monitoring-only (p=none):

  • MIRI, Hugging Face, Inflection AI, xAI, Aleph Alpha, Qdrant, Metaculus

That's 9/39 domains (23%) with weak or absent DMARC. For AI safety organizations like MIRI and Alignment Forum, this is notable — organizations focused on existential risk from advanced AI, vulnerable to basic email impersonation.

The strong side

OpenAI (-all, p=reject), Microsoft (-all, p=reject), Anthropic (~all, p=reject), and Stripe (-all, p=reject) all have strict DMARC enforcement. Anthropic's DMARC compensates for the SPF softfail — even if SPF softfails, DMARC with p=reject will block the message, provided it also lacks an aligned DKIM signature.
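The SPF all mechanisms, the include counts in the table above and the SPF-plus-DMARC combinations discussed in the last two sections can be checked mechanically. The script below is an added example written for this post, not the author's checker: it parses the quoted TXT strings that dig +short prints, picks the v=spf1 and v=DMARC1 records out of whatever else lives on the name, and combines them into the verdict a receiver would effectively apply. Every record string and every .example domain in it is constructed for illustration, and the function names (from_dig, pick_record, parse_spf, parse_dmarc, assess) are this example's own.

```python
"""Classify a domain's spoofing exposure from its SPF and DMARC TXT records.

Added example for this post, not the author's tooling. All record strings
below are constructed; none is copied from a real company's DNS.
"""
import re

# Meaning of the qualifier in front of the terminal "all" mechanism (RFC 7208).
ALL_MEANING = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass"}


def from_dig(line):
    """Join the quoted chunks `dig +short TXT` prints for one record.

    Long records appear as several quoted pieces on one line, e.g.
    '"v=spf1 include:a.example" " ~all"'.  Unquoted input is returned as-is.
    """
    chunks = re.findall(r'"([^"]*)"', line)
    return "".join(chunks) if chunks else line.strip()


def pick_record(lines, prefix):
    """Return the first TXT record starting with `prefix` (case-insensitive), else None."""
    for line in lines:
        record = from_dig(line)
        if record.lower().startswith(prefix):
            return record
    return None


def parse_spf(txt):
    """Split an SPF record into includes, literal IP networks and the 'all' result.

    Returns None when `txt` is not an SPF record. A record with neither an
    'all' mechanism nor a redirect= modifier defaults to neutral (RFC 7208 s4.7).
    """
    if txt is None or not txt.lower().startswith("v=spf1"):
        return None
    info = {"includes": [], "ip_ranges": [], "all": None, "redirect": None}
    for term in txt.split()[1:]:
        qualifier, mech = "+", term          # no explicit qualifier means "+"
        if term[0] in "+-~?":
            qualifier, mech = term[0], term[1:]
        name, _, value = mech.partition(":")
        lname = name.lower()
        if lname == "include":
            info["includes"].append(value)
        elif lname in ("ip4", "ip6"):
            info["ip_ranges"].append(value)
        elif lname == "all":
            info["all"] = ALL_MEANING[qualifier]
        elif lname.startswith("redirect="):
            info["redirect"] = lname.split("=", 1)[1]
    if info["all"] is None and info["redirect"] is None:
        info["all"] = "neutral"
    return info


def parse_dmarc(txt):
    """Return DMARC tags as a dict, or None when `txt` is not a DMARC record."""
    if txt is None or not txt.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def assess(spf_txt, dmarc_txt):
    """Combine both records into the verdict a receiver would effectively apply."""
    spf = parse_spf(spf_txt)
    dmarc = parse_dmarc(dmarc_txt)
    spf_all = spf["all"] if spf else "absent"
    # A DMARC record without p= is invalid; treat it like monitoring-only.
    dmarc_p = dmarc.get("p", "none").lower() if dmarc else "absent"
    if dmarc_p == "reject":
        risk, note = "low", "DMARC rejects mail that fails both SPF and DKIM alignment"
    elif dmarc_p == "quarantine":
        risk, note = "medium", "DMARC sends unaligned mail to spam rather than bouncing it"
    elif spf_all == "hardfail":
        risk, note = "medium", "SPF hardfail only; without DMARC, rejection is up to the receiver"
    else:
        risk, note = "high", "no enforcement: SPF softfail/neutral/absent and DMARC none/absent"
    return {"spf_all": spf_all, "dmarc_p": dmarc_p, "risk": risk, "note": note,
            "includes": len(spf["includes"]) if spf else 0,
            "ip_ranges": len(spf["ip_ranges"]) if spf else 0}


def assess_dig_output(domain_txt_lines, dmarc_txt_lines):
    """Feed raw `dig +short TXT` output for the domain and for _dmarc.<domain>."""
    return assess(pick_record(domain_txt_lines, "v=spf1"),
                  pick_record(dmarc_txt_lines, "v=dmarc1"))


# Constructed sample dig output for hypothetical .example domains (not real companies).
SAMPLES = {
    "many-senders.example": (
        ['"google-site-verification=constructed-placeholder"',
         '"v=spf1 include:_spf.google.com include:spf.protection.outlook.com" " ~all"'],
        ['"v=DMARC1; p=none; rua=mailto:dmarc@many-senders.example"']),
    "strict.example": (['"v=spf1 include:_spf.google.com -all"'], ['"v=DMARC1; p=reject"']),
    "dmarc-saves-it.example": (['"v=spf1 include:_spf.google.com ~all"'], ['"v=DMARC1; p=reject"']),
    "ip-only.example": (['"v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 ?all"'],
                        ['"v=DMARC1; p=quarantine"']),
    "no-auth.example": ([], []),
}

if __name__ == "__main__":
    for domain, (spf_lines, dmarc_lines) in SAMPLES.items():
        r = assess_dig_output(spf_lines, dmarc_lines)
        print(f"{domain:24} SPF {r['spf_all']:8} includes={r['includes']} ips={r['ip_ranges']} "
              f"DMARC {r['dmarc_p']:10} risk={r['risk']}: {r['note']}")
```

To run it against live data, pipe the output of the dig commands from the "Try it yourself" section into assess_dig_output as lists of lines; the record picker ignores site-verification and other unrelated TXT strings on the same name, and the joiner handles SPF records that dig prints in several quoted pieces. The risk column deliberately follows the post's argument: a DMARC p=reject lifts a ~all domain to "low" because unaligned mail is rejected regardless of the SPF qualifier, while ~all with p=none stays "high".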

One weird finding

xAI's infrastructure is unusual: SSL certificate from a Chinese issuer (Guangdong Baota Security Technology), DMARC reports sent to Alibaba Cloud, domain registered in 1994 (32 years before xAI was founded). Response time: 660ms.

Try it yourself

All data comes from public DNS records. Verify any claim (note that dig +short TXT returns every TXT record on the name; the SPF record is the one beginning with v=spf1):

dig +short TXT example.com           # SPF record
dig +short TXT _dmarc.example.com    # DMARC policy
dig +short MX example.com            # Mail servers

I built an interactive email security checker where you can enter any domain and see its SPF policy, DMARC enforcement, approved sender list, and mail provider — all from live DNS queries.

The full analysis of all 39 companies, including Anthropic domain verification records, MCPv1 cryptographic keys, and infrastructure details, is at domainintel.vercel.app/research.

Data collected May 20, 2026. All sources are public — DNS records, SSL certificates, WHOIS, HTTP headers.
