📧 Companies without DMARC configured

Name: Companies without DMARC configured
Creator: LynxRadar
Keywords: companies without DMARC, domains missing DMARC, no DMARC policy, email security gaps, DMARC adoption rate, Fortune 500 DMARC, which companies don't have DMARC

These domains have no DMARC record or a permissive policy (p=none), leaving them vulnerable to email spoofing and phishing attacks.

1626

Companies affected

2378

Total scanned

68%

Prevalence

Domain

Score

Tier

Policy

omgpop.com

30/100

Fail

none

trigger.io

35/100

Fail

none

140fire.com

38/100

Fail

none

20n.com

38/100

Fail

none

3dot.com

38/100

Fail

none

+1621 more companies

This dataset is available on request. Leave your work email and we'll send you the full list within 24 hours.

No spam — we only use this to send you the data

Request received

We'll send the full dataset to your inbox shortly. Keep an eye out for an email from the LynxRadar team.

Which companies don't have DMARC configured?

DMARC (Domain-based Message Authentication, Reporting & Conformance) prevents email spoofing by verifying that incoming mail is authorized by the domain owner. Without DMARC, attackers can impersonate a company's domain to send phishing emails to customers, partners, and employees. For vendor security assessments and third-party risk management, a missing DMARC record is a significant red flag. The domains listed below were scanned by LynxRadar and found to have no DMARC record, or a policy set to p=none (monitoring only, no enforcement). This leaves them vulnerable to exact-domain impersonation — the most common form of business email compromise.

LynxRadar scanned 2378 domains including Fortune 500 companies and Y Combinator startups. Of those, 1626 (68%) were found to have this security gap. The data above is updated continuously as new domains are scanned. Scan any domain to check its status.

Frequently Asked Questions

How many companies don't have DMARC?

In LynxRadar's scan of 2378 company domains including Fortune 500 and Y Combinator companies, 1626 (68%) were found without a properly enforced DMARC policy.

Is it safe to do business with a company that has no DMARC?

A missing DMARC record means the company's domain can be spoofed in phishing attacks. While it doesn't mean the company itself is compromised, it indicates a gap in their email security that could put you at risk of receiving fraudulent emails appearing to come from them.

What does DMARC p=none mean?

A DMARC policy of p=none means the domain owner is only monitoring email authentication results without taking any action on failures. Spoofed emails will still be delivered to recipients' inboxes. It provides no protection against impersonation.