A recent analysis of 39 prominent AI companies, spanning labs, safety organizations, and tooling providers, found serious gaps in email authentication that leave their domains open to spoofing. The investigation, which examined Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC) records, found that two-thirds of these firms (26 of 39) end their SPF records with a softfail qualifier, which asks receiving servers to accept, rather than reject, mail from senders the domain never authorized.
The Staggering Scale of SPF Weakness
The study found that 26 of the 39 companies, including Anthropic, Google, Apple, NVIDIA, and Hugging Face, terminate their SPF records with the ~all (softfail) mechanism. Softfail tells a receiving server that the sender is probably not authorized but that the message should still be accepted, at most with a higher spam score. In practice many receivers deliver such mail with little scrutiny, which leaves the door open to phishing that impersonates the domain wherever DMARC is not also enforced.
By contrast, 10 companies publish a hardfail (-all), which tells receivers to reject mail from unlisted senders outright; these include OpenAI, Microsoft, Amazon, Palantir, and x.ai. Three companies (Meta, Tesla, and the Alignment Forum) publish no SPF policy that a receiver can act on at all, leaving their domains with no sender authorization unless DMARC and DKIM fill the gap.
Why Softfail Policies Are a Security Risk
SPF acts as a gatekeeper: a TXT record on the domain lists which IP addresses, directly or through include: references to a mail provider, may send mail using that domain as the envelope sender. When the connecting IP matches none of them, the record's terminating all mechanism decides the result, and its qualifier sets the verdict:
- -all (hardfail): the sender is not authorized; receivers should reject the message.
- ~all (softfail): the sender is probably not authorized; receivers accept the message and may raise its spam score.
- ?all (neutral): the domain makes no assertion either way, which is equivalent to having no policy.
- +all (pass all): every sender is authorized, regardless of origin, which makes the record useless.
Most email providers treat softfail as a weak signal rather than a barrier. Combined with a lax DMARC policy (p=none, or no record at all), that is the real exposure: an attacker can put the company's domain in the From header and connect from any IP, and the recipient's server has been told nothing firm enough to reject the message, so it arrives looking legitimate and invites the recipient to hand over credentials or click a malicious link.
The Most Exposed Companies Revealed
Some AI firms stand out for particularly weak configurations. Cohere, for instance, authorizes six different email services (including Google, Proofpoint, and Salesforce) to send on its behalf, yet ends the record with a softfail. A broad sender list combined with weak enforcement widens the attack surface twice over: more third-party infrastructure through which a message can earn an SPF pass, and no rejection for everything else.
Other notable cases include:
- Jasper: allows seven email providers and does use a hardfail SPF policy, with its DMARC policy set to quarantine.
- Weaviate: six authorized senders, but softfail SPF and quarantine DMARC.
- Scale AI: five email services, softfail SPF, and reject DMARC. Here the softfail does not weaken the DMARC verdict: DMARC counts anything short of an SPF pass as a failure, so a DMARC-enforcing receiver still rejects the forgery.
- Tesla: 13 IP ranges approved for sending, yet no usable SPF policy, because the record resolves to the neutral ?all qualifier, which tells receivers nothing.
These configurations show where SPF enforcement actually matters. At receivers that check SPF but do not enforce DMARC, a hardfail gets a forgery rejected while a softfail lets it through. Where the receiver enforces a p=quarantine or p=reject DMARC policy, softfail and hardfail lead to the same verdict, because DMARC treats every SPF result other than pass as a failure.
DMARC: The Double-Edged Sword
DMARC tells receiving servers what to do with mail whose From-header domain is not authenticated by an aligned SPF pass or an aligned DKIM signature. A p=reject setting asks for the message to be refused, p=quarantine for it to be set aside (typically into spam), and p=none for no action beyond reporting, which leaves the outcome to whatever the receiver does with the raw SPF result on its own. Alignment is the point: SPF checks the envelope sender (MAIL FROM), so an SPF verdict only protects the visible From address when DMARC ties the two domains together.
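To make the interplay between the SPF qualifier and the DMARC policy concrete, here is an added Python model (example code written for this article, not the study's checker or any company's configuration) of what two kinds of receiver do with a forged message: one that acts on the SPF result alone, and one that enforces DMARC. The domain, records and IP ranges are constructed from documentation address space; include: mechanisms are not resolved because that needs DNS, and the SPF-only receiver behaviour is the common practice described above, not something RFC 7208 mandates.

```python
import ipaddress

# Constructed records for a fictitious domain (RFC 5737 documentation ranges,
# not taken from any company's DNS).
AUTHORIZED_NET = "203.0.113.0/24"
SOFTFAIL_SPF = f"v=spf1 ip4:{AUTHORIZED_NET} include:_spf.example.net ~all"
HARDFAIL_SPF = f"v=spf1 ip4:{AUTHORIZED_NET} include:_spf.example.net -all"
DMARC_NONE = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip):
    """SPF result for sender_ip against one SPF TXT record.

    Offline simplification: only ip4/ip6 mechanisms and the terminating
    'all' are evaluated. include/a/mx/exists need DNS lookups, so they are
    treated as non-matching here; a real checker must resolve them.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF record at all
    for term in terms[1:]:
        qualifier = "+"                    # mechanisms default to '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                if ip in ipaddress.ip_network(arg, strict=False):
                    return QUALIFIERS[qualifier]
            except ValueError:
                return "permerror"         # malformed network in the record
        elif name == "all":
            return QUALIFIERS[qualifier]   # the verdict for unlisted senders
    return "neutral"                       # no 'all' term: RFC 7208 default


def parse_dmarc(record):
    """Split a DMARC TXT record into its tag=value pairs (tags lowercased)."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_disposition(dmarc_record, spf_result, dkim_result="none", aligned=True):
    """Disposition applied by a receiver that enforces DMARC (RFC 7489).

    DMARC passes only on an aligned SPF *pass* or an aligned DKIM *pass*;
    fail, softfail, neutral and none are all the same non-pass outcome.
    pct= and sp= are ignored for brevity; aligned=True models a forger who
    uses the same domain in MAIL FROM and From.
    """
    tags = parse_dmarc(dmarc_record)
    if tags.get("v", "").upper() != "DMARC1":
        return "no-policy"
    if aligned and (spf_result == "pass" or dkim_result == "pass"):
        return "accept"
    policy = tags.get("p", "none").lower()
    return {"quarantine": "quarantine", "reject": "reject"}.get(policy, "accept-and-report")


def spf_only_action(spf_result):
    """Typical handling at a receiver that checks SPF but ignores DMARC
    (assumed common practice, not mandated by RFC 7208)."""
    return {"fail": "reject", "softfail": "accept-flagged"}.get(spf_result, "accept")


def spoof_outcome(spf_record, dmarc_record, attacker_ip="198.51.100.7"):
    """Outcomes for a forged message from attacker_ip with no DKIM signature."""
    spf = check_spf(spf_record, attacker_ip)
    return {
        "spf": spf,
        "spf_only_receiver": spf_only_action(spf),
        "dmarc_receiver": dmarc_disposition(dmarc_record, spf),
    }


if __name__ == "__main__":
    for spf_label, spf in (("~all", SOFTFAIL_SPF), ("-all", HARDFAIL_SPF)):
        for dmarc_label, dmarc in (("p=none", DMARC_NONE), ("p=reject", DMARC_REJECT)):
            print(spf_label, dmarc_label, spoof_outcome(spf, dmarc))
```

Running it prints the four combinations. The softfail record only differs from the hardfail one in the spf_only_receiver column; under p=reject both forgeries are rejected, and under p=none both fall back to the receiver's own SPF handling, which is exactly where ~all lets the message through.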
The audit found nine companies with either no DMARC record or a monitoring-only (`p=none`) policy, including safety-focused organizations such as MIRI and the Alignment Forum. For bodies dedicated to mitigating existential AI risk, the oversight is ironic.
Key findings on DMARC enforcement:
- OpenAI, Microsoft, Stripe: strict -all SPF with p=reject DMARC.
- Anthropic: softfail SPF, but compensated by p=reject DMARC, so forgeries are rejected by any DMARC-enforcing receiver.
- Inflection AI, xAI, Aleph Alpha, Qdrant, Metaculus: DMARC set to p=none, monitoring only.
Anomalies and Oddities
The investigation also turned up unusual infrastructure choices. xAI's domain, for example, serves a TLS certificate issued by a Chinese provider (Guantong Baota Security Technology Co.), and its DMARC reports are routed to Alibaba Cloud. The domain was also registered in 1994, three decades before the company's founding, which suggests it was acquired or rebranded rather than registered fresh. Its response time of 660 milliseconds is unusually slow for a modern tech firm.
How to Assess Your Own Email Security
The data for this analysis comes entirely from public DNS records, so anyone can reproduce it. To check a domain's SPF and DMARC policies, run these commands in a terminal, replacing example.com with the domain under test:
dig +short TXT example.com # all TXT records; the SPF record is the one beginning v=spf1
dig +short TXT _dmarc.example.com # DMARC policy
dig +short MX example.com # mail servers
Two things to look for in the output: the domain should publish exactly one record starting with v=spf1 (two or more is a permanent error that receivers treat as no SPF at all), and the qualifier on the final all term is what determines the verdict for unlisted senders. For a user-friendly alternative, an interactive email security checker is available at domainintel.vercel.app, where users can enter any domain to receive a real-time report on its SPF policy, DMARC enforcement, approved senders, and associated mail providers. The full dataset, including domain verification records and infrastructure details, is also accessible on the same platform.
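As an added example (written for this article, not the study's checker or the domainintel tool), the following Python script turns those dig results into the fields the report above uses: the all qualifier, the approved senders and the providers behind them, the DMARC policy, and a count of DNS-lookup terms against the 10-lookup limit of RFC 7208. The provider map is a heuristic assumption, the sample records are constructed for a fictitious domain, and fetch_txt shells out to dig for live use.

```python
import json
import subprocess

# Heuristic map from well-known SPF include hosts to the provider behind them.
# This is an assumption for illustration; extend it for your own environment.
PROVIDER_HINTS = {
    "_spf.google.com": "Google Workspace",
    "spf.protection.outlook.com": "Microsoft 365",
    "sendgrid.net": "SendGrid",
    "_spf.salesforce.com": "Salesforce",
    "amazonses.com": "Amazon SES",
    "pphosted.com": "Proofpoint",
}
# Mechanisms/modifiers that cost a DNS lookup; RFC 7208 caps these at 10
# across the whole evaluation, so the top-level count here is a lower bound.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
ALL_MEANING = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass-all"}

# Constructed sample records for a fictitious domain (not from any real DNS).
SAMPLE_TXT = [
    "v=spf1 include:_spf.google.com include:spf.protection.outlook.com include:sendgrid.net ~all",
    "google-site-verification=abc123",   # unrelated TXT record, ignored
]
SAMPLE_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]


def fetch_txt(name):
    """Live lookup with the same dig command as above (not used by the tests).
    dig prints each record quoted and splits long ones into "..." "..." chunks."""
    out = subprocess.run(["dig", "+short", "TXT", name],
                         capture_output=True, text=True, check=True).stdout
    return [line.strip().replace('" "', "").strip('"') for line in out.splitlines() if line.strip()]


def select_spf(txt_records):
    """Pick the v=spf1 record; two or more is a permerror under RFC 7208."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if len(spf) > 1:
        return None, "multiple SPF records (permerror, treated as no SPF)"
    return (spf[0] if spf else None), None


def audit_spf(record):
    report = {"present": record is not None, "enforcement": "none",
              "includes": [], "providers": [], "lookups": 0}
    if record is None:
        return report
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in ALL_MEANING:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if "=" in name:                          # redirect=host, exp=host
            name, _, arg = name.partition("=")
        name = name.split("/")[0].lower()        # strip CIDR suffix from a/24
        if name == "all":
            report["enforcement"] = ALL_MEANING[qual]
        elif name in LOOKUP_TERMS:
            report["lookups"] += 1
            if name == "include":
                report["includes"].append(arg)
                for host, provider in PROVIDER_HINTS.items():
                    if arg.endswith(host) and provider not in report["providers"]:
                        report["providers"].append(provider)
    report["over_lookup_limit"] = report["lookups"] > 10
    return report


def audit_dmarc(records):
    record = next((r for r in records if r.lower().startswith("v=dmarc1")), None)
    if record is None:
        return {"present": False, "policy": "none", "subdomain_policy": "none", "reporting": False}
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "none").lower()
    return {"present": True, "policy": policy,
            "subdomain_policy": tags.get("sp", policy).lower(),
            "reporting": "rua" in tags}


def audit(txt_records, dmarc_records):
    """Combine both records into the kind of summary the report above uses."""
    spf_record, spf_error = select_spf(txt_records)
    spf = audit_spf(spf_record)
    dmarc = audit_dmarc(dmarc_records)
    if dmarc["policy"] in ("quarantine", "reject"):
        verdict = "dmarc-enforced"            # forgeries fail DMARC regardless of ~all/-all
    elif spf["enforcement"] == "hardfail":
        verdict = "spf-hardfail-only"         # protected only at receivers acting on SPF
    else:
        verdict = "open"                      # softfail/neutral/none and no DMARC enforcement
    return {"spf": spf, "spf_error": spf_error, "dmarc": dmarc, "verdict": verdict}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_TXT, SAMPLE_DMARC), indent=2))
```

For a live check, replace the sample lists with fetch_txt("example.com") and fetch_txt("_dmarc.example.com"). The verdict deliberately separates "enforced by DMARC" from "protected only by SPF hardfail", since the second depends on the receiver acting on SPF by itself.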
A Call for Proactive Security Measures
The prevalence of softfail SPF policies among AI companies is not just a technical oversight; it is a systemic risk. A forged message from a trusted AI vendor is a plausible opening move for credential theft or a supply-chain compromise, and as phishing grows more sophisticated, small gaps like this one are what attackers look for. Organizations must treat email authentication as a foundational security measure, not an afterthought.
The next wave of AI advancements will depend on trust, and that trust begins with secure communication. Companies that neglect these protocols today may face reputational damage, financial losses, or worse—unwittingly enabling the very threats they aim to combat.
AI summary
Of 39 companies in the AI sector, 67% were found to use SPF softfail, leaving them vulnerable to email spoofing. The study, which examined SPF and DMARC policies, reported critical findings.