This work evaluates the security protocols in a chosen set of domains by scanning their email security measures. To do so we assessed whether the examined domains are configured with the email authentication protocols: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). These protocols are used for encountering phishing attacks and confronting the exploitation tactics used by attackers.

The results showed that all domains are configured with SPF. However, a lack of DKIM and DMARC utilization was found. We performed the analysis using three different tools to detect potential variations in the results. The study encompassed a total of 25 different domains and the results showed that all domains are configured with a valid SPF, a DKIM key was found in 21 domains, DMARC records were identified in 18 domains, each of these 18 domains adopted one of the three response policies: None, Quarantine, or Reject.

The response policy types varied among the domains, with 11 out of 18 domains setting their policy to None, which is used for monitoring, 4 domains are configured with the Quarantine policy, which sends flagged emails to the spam folder for review, while 3 domains adopt a Reject policy which discards unauthenticated emails.

The study emphasizes the necessity for reliable email authentication measures that aligns with the organization’s requirements and priorities.