26 of 39 AI Companies Use SPF Softfail — Their Email Can Be Spoofed

Dev.to AI

I queried the DNS records for 39 AI companies - labs, safety orgs, tooling companies - and checked their SPF and DMARC email security policies. The results are worse than I expected.

The headline number

- 26 of 39 use SPF ~all (softfail) - including Anthropic, Google, Apple, NVIDIA, and Hugging Face
- 10 of 39 use SPF -all (hardfail) - OpenAI, Microsoft, Amazon, Palantir, x.ai
- 3 of 39 have no SPF record at all - Meta, Tesla, Alignment Forum

Why softfail matters

SPF (Sender Policy Framework) tells receiving mail servers which IPs are authorized to send email on behalf of a domain.
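The three buckets in the survey above (softfail, hardfail, no SPF) can be reproduced from a domain's TXT records with a small classifier. This is an added example, not the author's script; the function names and the `.example` sample records are constructed, and the DNS lookup itself is left out so the code runs offline.

```python
# Added example: classify SPF policy from TXT records already fetched from DNS.
QUALIFIERS = {"+": "pass", "-": "hardfail", "~": "softfail", "?": "neutral"}

def find_spf(txt_records):
    """Return the single SPF record, or None; raise if a domain publishes several."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(spf) > 1:
        raise ValueError("multiple SPF records (permerror under RFC 7208)")
    return spf[0] if spf else None

def classify(txt_records):
    """Return no-spf, hardfail, softfail, neutral, pass, redirect or permerror."""
    try:
        record = find_spf(txt_records)
    except ValueError:
        return "permerror"
    if record is None:
        return "no-spf"
    has_redirect = False
    for term in record.split()[1:]:
        t = term.lower()
        if t == "all":                      # bare 'all' defaults to '+all'
            return "pass"
        if len(t) == 4 and t[1:] == "all" and t[0] in QUALIFIERS:
            return QUALIFIERS[t[0]]         # terms after 'all' are never evaluated
        if t.startswith("redirect="):
            has_redirect = True
    # No 'all' term: the policy lives in the redirect target, else default is neutral.
    return "redirect" if has_redirect else "neutral"

# Constructed sample answers, one per bucket in the survey.
SAMPLES = {
    "softfail.example": ["v=spf1 include:_spf.mail.example ~all"],
    "hardfail.example": ["site-verification=abc", "v=spf1 ip4:192.0.2.0/24 -all"],
    "nospf.example": ["site-verification=xyz"],
}

def tally(samples):
    """Count domains per SPF classification."""
    counts = {}
    for records in samples.values():
        label = classify(records)
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    print(tally(SAMPLES))
```

A `redirect` result means the effective qualifier is set by the target domain's record, which has to be fetched and classified in turn.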