One-third of top 10,000 websites lack DMARC email authentication, 2026 scan finds

·1 views

A June 2026 analysis of the Tranco top 10,000 domains found that 33.4% publish no DMARC record, leaving them without any published policy for handling email authentication failures. Even among domains that do have DMARC, only 46.5% are set to the strictest enforcement level, p=reject, while 26% remain at p=none, which monitors but does not block suspicious email. One in four domains also had no SPF record, and 1.7% published SPF records that exceed the DNS lookup limit, causing silent authentication failures. MTA-STS, a standard that enforces TLS encryption during email delivery, was almost entirely absent, with 97.8% of domains lacking a policy. The findings suggest that while awareness of email authentication standards has grown — especially after Google and Yahoo mandated DMARC for bulk senders in 2024 — most deployments stall before reaching meaningful protection.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

EZLogs lets anyone query their product in plain English and get cited, real-time answers

A tool called EZLogs allows anyone in a company — not just engineers or analysts — to ask questions about their own product using plain language and receive automatically monitored answers. Users can pin questions such as tracking when a trial account goes inactive, and the system alerts them when conditions change, with responses written in plain English. Every figure in an alert links directly back to the underlying real events, so claims are verifiable with a single click rather than relying on AI inference. The AI component is limited to translating natural-language questions into system queries and rephrasing results, while all data is drawn from actual logged events. The tool is positioned as distinct from engineering-focused monitoring platforms like Datadog, targeting a broader, non-technical audience across sales, support, design, and leadership.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Being a Great Coder Is No Longer Enough to Stand Out in Tech

The software development job market has grown so competitive that technical skills alone are no longer sufficient for career visibility. Developers are now expected to build personal brands, contribute to open source, create content, and engage with professional communities alongside their core engineering work. While companies still hire engineers to solve technical problems, opportunities increasingly come through public presence and reputation rather than certifications alone. Experts note that the technical bar remains high, but standing out now requires combining strong coding ability with communication and community involvement. In effect, software engineering has expanded beyond writing code to building credibility and a professional reputation.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds Decentralized Anti-Cheat System to Distribute Trust Across Nodes

A developer is building an open-source project called GameSecure that takes a decentralized approach to game anti-cheat, moving away from relying on a single client or server to make cheat decisions. Instead, gameplay events are converted into validation tasks and distributed across independent validator nodes, with a consensus mechanism determining the final verdict. The project is written in Go, chosen for its strong concurrency and networking capabilities. The biggest engineering challenge has been ensuring the system remains trustworthy even when some validator nodes act maliciously, a problem rooted in distributed systems design rather than game logic. GameSecure is still under active development, with the creator continuing to refine evidence collection and other core components.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How Improper HttpClient Usage Causes Socket Exhaustion in .NET APIs

A .NET production system began experiencing random timeouts with no visible errors or warnings, a symptom of socket exhaustion caused by improper HttpClient instantiation. Each time HttpClient is created and disposed within a request, it leaves TCP sockets in a TIME_WAIT state, gradually exhausting available connections. The fix involved registering HttpClient as a managed service using IHttpClientFactory with a configured SocketsHttpHandler to reuse connections efficiently. This change stabilized the system and restored service-level agreement compliance. The incident highlights a common but overlooked pitfall in .NET microservice development where object lifecycle mismanagement leads to silent infrastructure degradation.

0 comments Read more at DEV Community