Government and Healthcare Are the Weakest Links in Global Email Security

https://securityaffairs.com/194677/security/government-and-healthcare-are-the-weakest-links-in-global-email-security.html?amp

Publish Date: 2026-07-03 04:01:00

Source Domain: securityaffairs.com

Pierluigi Paganini
July 03, 2026

Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks.

Comparitech analyzed live DNS records for 5,849 domains across 13 sectors and scored each one out of 8 points based on four standard email authentication protocols: SPF, DMARC, DKIM, and MTA-STS. The results aren’t flattering. More than 8 percent of organizations had zero protection in place, and only 0.6 percent — 33 domains out of 5,849 — scored full marks. That’s 33 organizations out of nearly 6,000 doing everything right.
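The four protocols named above are all published in DNS TXT records, except that the MTA-STS mode sits in a policy file served over HTTPS. The following is an added example, not Comparitech's code or its 8-point rubric: it classifies each protocol for one domain from constructed TXT answers. The function names, the three status labels and the `s1` DKIM selector are assumptions of this example.

```python
# Added example on constructed DNS data; not Comparitech's scoring rubric.
def tags(record, sep=";", kv="="):
    """Parse 'k=v; k=v' tag lists (DMARC, DKIM, STS TXT) or 'k: v' policy lines."""
    out = {}
    for part in record.split(sep):
        if kv in part:
            key, value = part.split(kv, 1)
            out[key.strip().lower()] = value.strip()
    return out

def first(txt, name, prefix):
    """First TXT string published at `name` that begins with `prefix`, else None."""
    for rec in txt.get(name, []):
        if rec.strip().lower().startswith(prefix):
            return rec.strip()
    return None

def assess(domain, txt, dkim_selector, sts_policy=""):
    """Return {protocol: 'missing' | 'weak' | 'ok'} for one domain."""
    res = {}
    spf = first(txt, domain, "v=spf1")
    # This example counts only a final '-all' (hard fail) as 'ok'.
    res["spf"] = "missing" if spf is None else (
        "ok" if spf.lower().split()[-1] == "-all" else "weak")
    dmarc = first(txt, "_dmarc." + domain, "v=dmarc1")
    # p=none only requests reports; quarantine/reject change mail handling.
    res["dmarc"] = "missing" if dmarc is None else (
        "ok" if tags(dmarc).get("p", "").lower() in ("quarantine", "reject") else "weak")
    # DKIM selectors cannot be enumerated from DNS, so one is passed in.
    keys = [tags(r) for r in txt.get(f"{dkim_selector}._domainkey.{domain}", [])]
    keys = [k for k in keys if "p" in k]
    # An empty p= tag marks a revoked key (RFC 6376).
    res["dkim"] = "missing" if not keys else ("ok" if any(k["p"] for k in keys) else "weak")
    sts = first(txt, "_mta-sts." + domain, "v=stsv1")
    # The TXT record only announces a policy; its mode is in the HTTPS policy file.
    mode = tags(sts_policy, sep="\n", kv=":").get("mode", "").lower()
    res["mta-sts"] = "missing" if sts is None else ("ok" if mode == "enforce" else "weak")
    return res

# Constructed sample data (example.org and example.net are reserved names).
SAMPLE_TXT = {
    "example.org": ["v=spf1 include:_spf.example.org -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org"],
    "s1._domainkey.example.org": ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEYDATA"],
    "_mta-sts.example.org": ["v=STSv1; id=20260101T000000"],
    "example.net": ["v=spf1 mx ~all"],
    "_dmarc.example.net": ["v=DMARC1; p=none"],
}
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: mail.example.org\nmax_age: 604800\n"
```

Calling `assess("example.net", SAMPLE_TXT, "s1")` shows the common partial deployment: SPF and DMARC records exist but neither enforces anything, and DKIM and MTA-STS are absent.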

Government came last, with an average score of 2.73 out of 8.

“121 out of the 452 domains we scanned had zero protections in place (27%) – the highest of all sectors,” reads the report published by Comparitech. “No government domains scored full marks, but three did score 7.5 – Australia’s national science agency (CSIRO), the Mila – Quebec Artificial Intelligence Institute in Canada, and The Alan Turing Institute in the UK (also dedicated to data science and artificial intelligence).”

China’s government domains averaged just 0.9, with 65 percent having no protection at all. France wasn’t far behind at 1.4 average and 47 percent unprotected. The UK and US were the best performers in the sector, but even 17 percent of US government domains had zero protection — despite a Department of Homeland Security mandate requiring DMARC on all federal email domains.

Healthcare providers ranked second-worst at 3.43.

“85 out of the 438 domains we scanned had zero protections in place (19%) — the second highest of all sectors,” continues the report. “Four domains scored full points. Three of these were part of the UK’s NHS (NHS Blood and Transplant, Manchester University NHS…