WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
HOME ACCOUNT PRODUCTS NEWS ARTICLES DIRECTORY CLASSIFIEDS FORUMS TOOLS
* Read The Latest Technology, Web Hosting And Website Related News !
  Home News Web Hosting Domain Name Industry Friday, May 1, 2026 
Add Press Release News | News Feeds Feeds | Email This News Email


New Study Reveals Massive Email Security Risks Due to Misconfigured Security Records Across 1 Million Domains
Wednesday, June 21, 2023

MELBOURNE, Australia, June 14, 2023 /PRNewswire/ -- Today, Stratus Security announced the findings of a ground-breaking study examining the security measures of over 1 million internet domains. The research, which analyzed the implementation of critical email security measures, identified a concerning trend: a significant percentage of domains are vulnerable to phishing attacks due to misconfigured security records.

Stratus Security's research focused on the configuration of Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC) records - crucial defenses in protecting a domain and its users from phishing attacks. Correct configuration of these measures prevents unauthorized parties from sending emails using a domain's identity.

However, the study uncovered widespread misconfigurations leaving domains open to exploitation. Alarmingly, this included highly sensitive government and education domains, commercial entities, and even some surprising outliers like North Korea's sole domain in the study, the Ministry of Foreign Affairs (mfa.gov.kp).

Stratus Security's researchers found that misconfigurations could potentially allow malicious actors to send emails appearing to come directly from these domains. The most alarming cases were domains tagged with '+all' in their SPF records, essentially inviting anyone to send emails as that domain, with no indications of phishing. One such domain was the Greek public employment service (dypa.gov.gr) - making it possible for virtually anyone to send an email posing as an official communication from this institution.

Stratus Security CTO, Colin Watson, explains: "Phishing attacks rely on trust. When an email appears to come from a reputable source, users and businesses are much more likely to engage with its content. That's why these misconfigurations present such a risk. It's essentially rolling out a red carpet for threat actors to exploit."

The full findings, including additional case studies, are detailed in a comprehensive blog post available on the Stratus Security website: https://www.stratussecurity.com/post/email-security-top-1-million-domains

Stratus Security urges organizations to review and correct their SPF and DMARC records, perform regular audits, foster cybersecurity awareness among their teams, and seek expert assistance if needed. They stand committed to supporting businesses in this endeavor, with the belief in building a safer digital landscape--one domain at a time.

For more information about this study, or to schedule an interview with Stratus, please email contact@stratussecurity.com or call 1300 379 289.

About Stratus Security

Stratus Security is a leading cybersecurity consultancy specializing in next-generation offensive security services, including penetration testing, vulnerability assessments, and red team exercises. With a team of seasoned professionals and a relentless focus on innovation, Stratus Security enables businesses to proactively safeguard their digital assets and excel in the digital age. For more information, please visit https://www.stratussecurity.com or follow Stratus Security on LinkedIn and Twitter.

For media inquiries, please contact:

Colin Watson

Chief Technology Officer

Stratus Security

Phone: 1300 379 289

Email: 360637@email4pr.com

View original content:https://www.prnewswire.com/news-releases/new-study-reveals-massive-email-security-risks-due-to-misconfigured-security-records-across-1-million-domains-301849540.html

SOURCE Stratus Security



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav Weekly Recap: 11 Tech Press Releases You Need to See | Jan 22, 2026
Nav Sup AI Sets New Benchmark Record with 52.15% on Humanity's Last Exam | Jan 22, 2026
Nav DEADLINE ANNOUNCED FOR 2026 NEW TOP-LEVEL DOMAIN APPLICATIONS | Jan 22, 2026
Nav Trigent Partners with WeWork India to Expand its GCC Footprint | Jan 22, 2026
Nav Skunk Works® and XTEND Expand Joint All Domain Command and Control for Advanced Mission Execution | Jan 22, 2026
Nav Exia Labs Brings Keystone to the U.S. Navy via DIU's Blue Object Management Challenge | Jan 22, 2026
Nav Altair HyperWorks 2026 Delivers Design and Simulation at Scale with AI | Jan 22, 2026
Nav Glasswall Brings Defense-Level File Sanitization to Every Government Agency and Business Using Microsoft 365 | Jan 22, 2026
Nav Genpact Named a Leader in ISG Provider Lens(TM) 2025 for Insurance GCCs and Agentic AI Services | Jan 22, 2026
Nav The Roadmap to Securing Your Own Digital Domain is Now Available | Jan 22, 2026
NEWS SEARCH
Survey Software
Survey Software
Click Tracking Software
Click Tracking
Poll Software
Poll Software
Rating Software
Rating Software
FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News
Copyright © 2003-2026 WebsiteGear Inc. All rights reserved. WEBSITEGEAR® is a registered trademark of WebsiteGear Inc.