~ / wall-of-shame / domains.json

Live · — ▶ check_my_domain.sh repo

 ██████╗ ███╗   ███╗ █████╗ ██████╗  ██████╗
 ██╔══██╗████╗ ████║██╔══██╗██╔══██╗██╔════╝
 ██║  ██║██╔████╔██║███████║██████╔╝██║     
 ██║  ██║██║╚██╔╝██║██╔══██║██╔══██╗██║     
 ██████╔╝██║ ╚═╝ ██║██║  ██║██║  ██║╚██████╗
 ╚═════╝ ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝ ╚═════╝
   [public audit log]

wall of shame How to fix ▶

total_records

—

no_dmarc

—

policy=none

—

organisation

domain

tld

industry

status

checked

resolving records

About this list & disclaimers

Domains here lack proper enforcement: no DMARC record or p=none (monitor-only). p=none can be a temporary monitoring step, not a permanent posture. Parked domains should use strong DMARC (e.g. p=reject) and SPF such as v=spf1 -all. See NCSC: protecting parked domains.

Entries reflect publicly observable DNS at the time of the automated check; they clear when fixed. This is for education and awareness only. Presence on the list does not imply misconduct. Companies may have correct DMARC on other domains. Entra / Microsoft 365 tenants should also cover .onmicrosoft.com ( reference); this list excludes those hostnames.

Contribute or inspect source: DMARC-WallOfShame on GitHub. Machine-readable data: non_dmarc.json. Human summary for tools: llms.txt.

DMARC Wall of Shame