DEV Community

John Leslie

26 of 39 AI Companies Use SPF Softfail — Their Email Can Be Spoofed

I queried the DNS records for 39 AI companies — labs, safety orgs, tooling companies — and checked their SPF and DMARC email security policies. The results are worse than I expected.

The headline number

  • 26 of 39 use SPF ~all (softfail) — including Anthropic, Google, Apple, NVIDIA, and Hugging Face
  • 10 of 39 use SPF -all (hardfail) — OpenAI, Microsoft, Amazon, Palantir, x.ai
  • 3 of 39 have no SPF record at all — Meta, Tesla, Alignment Forum

Why softfail matters

SPF (Sender Policy Framework) tells receiving mail servers which IPs are authorized to send email on behalf of a domain. The all mechanism at the end defines what happens when a sender isn't on the list:

  • -all (hardfail): reject the message
  • ~all (softfail): accept it but maybe flag it
  • ?all (neutral): no opinion
  • +all (pass all): accept everything

Most email servers treat softfail as "deliver normally, maybe add a spam score." Combined with weak DMARC policies, this means spoofed emails from most AI companies will land in inboxes.

The worst combinations

Company: SPF includes; SPF policy; DMARC

  • Cohere: 6 includes (Google, Proofpoint, Outlook, Salesforce, Marketo, SES); ~all; p=reject
  • Jasper: 7 includes (Google, HelpScout, SendGrid, Salesforce, Zendesk, HubSpot, Highspot); -all; p=reject
  • Weaviate: 6 includes (SendGrid, 3 custom records, HubSpot, Google); ~all; p=quarantine
  • Scale AI: 5 includes (Autopilot, Customer.io, SendGrid, Google, HubSpot); ~all; p=reject
  • Tesla: 0 includes, 13 IP ranges; ?all (neutral); p=quarantine

Cohere stands out: 6 approved sending services with only softfail. That's a wide attack surface with weak enforcement.

DMARC makes it worse

DMARC tells receivers what to do with a message when neither SPF nor DKIM passes for a domain aligned with the visible From address. p=reject blocks spoofed messages. p=none lets them through.

No DMARC at all:

  • Alignment Forum (also no SPF — zero email authentication)
  • Manifold Markets

DMARC monitoring-only (p=none):

  • MIRI, Hugging Face, Inflection AI, xAI, Aleph Alpha, Qdrant, Metaculus

That's 9/39 domains (23%) with weak or absent DMARC. For AI safety organizations like MIRI and Alignment Forum this is notable: organizations focused on existential risk from advanced AI are vulnerable to basic email impersonation.

The strong side

OpenAI (-all, p=reject), Microsoft (-all, p=reject), Anthropic (~all, p=reject), and Stripe (-all, p=reject) all have strict DMARC enforcement. Anthropic's DMARC compensates for the SPF softfail — even if SPF softfails, DMARC with p=reject will block the message.

One weird finding

xAI's infrastructure is unusual: SSL certificate from a Chinese issuer (Guangdong Baota Security Technology), DMARC reports sent to Alibaba Cloud, domain registered in 1994 (32 years before xAI was founded). Response time: 660ms.

Try it yourself

All data comes from public DNS records. Verify any claim:

dig +short TXT example.com           # SPF record
dig +short TXT _dmarc.example.com    # DMARC policy
dig +short MX example.com            # Mail servers
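A parser for the two TXT records the dig commands above return, as an added example (not code from the article or from the author's checker): it extracts the SPF all qualifier and include count, reads the DMARC p= tag, and combines them into the three outcomes the article contrasts (strict DMARC carrying enforcement, -all with no DMARC, and softfail/neutral with weak or absent DMARC). The sample records are constructed to match those shapes and are not any named company's live data; to check a real domain, paste the TXT strings dig returns into SAMPLES.

```python
import re

# Constructed sample records in the shapes the article describes; they are not
# the live records of any named company. Each value is (SPF TXT, DMARC TXT).
SAMPLES = {
    "softfail, many includes, p=none": (
        "v=spf1 include:_spf.google.com include:spf.protection.outlook.com "
        "include:mail.zendesk.com include:servers.mcsv.net include:amazonses.com ~all",
        "v=DMARC1; p=none; rua=mailto:dmarc@example.invalid"),
    "hardfail, p=reject": ("v=spf1 include:_spf.google.com -all", "v=DMARC1; p=reject"),
    "softfail, p=reject": ("v=spf1 include:_spf.google.com ~all", "v=DMARC1; p=reject"),
    "hardfail, no DMARC": ("v=spf1 ip4:203.0.113.0/24 -all", None),
    "no SPF, no DMARC": (None, None),
}

ALL_QUALIFIERS = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass"}

def parse_spf(record):
    """Return (include_count, all_policy) for an SPF TXT record; (0, 'absent') if none."""
    if not record or not record.lower().startswith("v=spf1"):
        return 0, "absent"
    terms = record.split()[1:]
    includes = [t for t in terms if t.lower().startswith("include:")]
    all_policy = "neutral"  # RFC 7208: no matching mechanism and no 'all' term yields neutral
    for term in terms:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            all_policy = ALL_QUALIFIERS[m.group(1) or "+"]  # bare 'all' means +all
    return len(includes), all_policy

def parse_dmarc(record):
    """Return the DMARC p= value ('none', 'quarantine', 'reject') or 'missing'."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return "missing"
    tags = dict(kv.strip().split("=", 1) for kv in record.lower().split(";") if "=" in kv)
    return tags.get("p", "none").strip()

def assess(spf_record, dmarc_record):
    """Combine both policies into the three outcomes the article contrasts."""
    includes, spf_all = parse_spf(spf_record)
    dmarc_p = parse_dmarc(dmarc_record)
    if dmarc_p in ("reject", "quarantine"):
        risk = "enforced by DMARC"     # strict DMARC carries enforcement even on ~all
    elif spf_all == "hardfail":
        risk = "SPF-only enforcement"  # -all without DMARC: outcome depends on the receiver
    else:
        risk = "spoofable"             # softfail/neutral/no SPF plus weak or absent DMARC
    return {"includes": includes, "spf_all": spf_all, "dmarc_p": dmarc_p, "risk": risk}
```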

I built an interactive email security checker where you can enter any domain and see its SPF policy, DMARC enforcement, approved sender list, and mail provider — all from live DNS queries.

The full analysis of all 39 companies, including Anthropic domain verification records, MCPv1 cryptographic keys, and infrastructure details, is at domainintel.vercel.app/research.


Data collected May 20, 2026. All sources are public — DNS records, SSL certificates, WHOIS, HTTP headers.

Top comments (1)

Privacy.Fish

Useful dataset, and I like that you separate SPF policy from DMARC policy here. One caution I would add: SPF ~all by itself does not always mean “the domain can be spoofed into inboxes” if the domain has DMARC enforcement and DKIM alignment working.

The receiver is usually making a DMARC decision from aligned SPF or aligned DKIM. So a random unauthorized sender can softfail SPF, but if it also lacks aligned DKIM and the visible From domain has p=reject, the important result is still DMARC fail/reject. That is why the Anthropic example is a good caveat: softfail SPF looks weaker, but strict DMARC can still carry the enforcement.

Where I would worry most is the combination: broad SPF includes, no/weak DMARC policy, missing DKIM alignment, or lots of SaaS senders where nobody knows which subdomain is supposed to be authoritative. That is usually where impersonation risk becomes practical rather than just ugly DNS hygiene.