By Cargo / Livestock
Livestock Carriers — Email Security
76.9% of active livestock carrier domains have no enforced DMARC — leaving this segment open to email impersonation, payment-redirect fraud, and cargo theft via phishing.
No enforced DMARC
76.9%
national: 80.1%
p=reject
10.1%
national: 7.5%
Microsoft 365
29.0%
national: 38.1%
M365 + no DMARC (carriers)
1,111
national: 92,822
MTA-STS
5.3%
national: 3.3%
DNSSEC
5.1%
national: 6.1%
Dead domains
298
of 5,073 scanned
Total carriers
7,958
298 with dead domain
Risk bands — Livestock carriers
Carrier counts by risk band (composite email-security pain score). Critical = score 70+; Minimal = score <15.
| Risk band | Score range | Carriers | Domains |
|---|---|---|---|
| Critical | score 70+ | 640 | 520 |
| High | score 50–69 | 2,515 | 1,595 |
| Medium | score 30–49 | 2,960 | 1,823 |
| Low | score 15–29 | 1,484 | 794 |
| Minimal | score <15 | 61 | 43 |
Livestock vs. national average
What the Livestock numbers actually mean
Segment exposure framing. Livestock transport is animal-welfare-regulated and time-critical — a redirected dispatch instruction risks animal welfare violations as well as freight loss.
DMARC posture. The livestocksegment's share of carrier domains with no enforced DMARC sits at 76.9% — better than the national average by 3.2 points. Livestock carriers adopt enforced p=reject DMARC at a meaningfully higher rate than the national pool. At the protective end of the distribution, 10.1% of segment domains are at p=reject — the only DMARC policy that actually instructs receivers to drop spoofed mail.
Microsoft 365 surface. Microsoft 365 mailflow adoption sits below the national rate, which shifts the remediation surface toward self-hosted and Google Workspace estates where DMARC has to be configured at the DNS layer rather than flipped on in a tenant policy. That share is 14.0% of all livestock carriers — a one-flag-flip remediation set that segment-specific MSPs can clear in a single quarter without touching DNS infrastructure.
Transport encryption. MTA-STS adoption — the encrypted-transport policy that prevents DNS-downgrade interception — runs above the national rate, but the absolute floor is still under 10%, well short of where freight payment flows should sit. DNSSEC adoption across livestock carriers runs at 5.1% (vs 6.1% national).
Risk-band shape. Livestock's critical and high bands combine to 39.6% of segment carriers — close to the national distribution, meaning remediation prioritization here should follow the same shape as the national program.
Best-practice control for this segment. Livestock shippers should treat carrier email-security verification as part of the same welfare-compliance posture that produces health certificates and shipping permits.
Compare Livestock with other cargo segments
Segments closest in carrier-count rank to Livestock. Each is scored on the same DNS-derived control set, so the comparison is apples-to-apples.
See where your own domain stands
The research is free and self-serve. Run the same public checks on your own domain in about a minute — SPF, DKIM, DMARC, MTA-STS, DNSSEC, and more — and get a scored report by email. No agents, no credentials.
Data as of 2026-05-20 from public DNS measurements. Statistics are domain-weighted unless noted. Cargo segment membership is based on FMCSA Company Census cargo flags. Methodology: read the full index.