By State / New Mexico
New Mexico Trucking Email Security
79.1% of active carrier domains in New Mexico have no enforced DMARC — leaving freight operators open to email impersonation, payment-redirect fraud, and cargo theft via phishing.
No enforced DMARC
79.1%
national: 80.1%
p=reject
8.4%
national: 7.5%
Microsoft 365
34.9%
national: 38.1%
M365 + no DMARC (carriers)
349
national: 92,822
MTA-STS
4.4%
national: 3.3%
DNSSEC
6.1%
national: 6.1%
Dead domains
67
of 1,280 scanned
Total carriers
1,737
67 with dead domain
Risk bands — New Mexico carriers
Carrier counts by risk band (composite email-security pain score). Critical = score 70+; Minimal = score <15.
| Risk band | Score range | Carriers | Domains |
|---|---|---|---|
| Critical | score 70+ | 133 | 107 |
| High | score 50–69 | 477 | 426 |
| Medium | score 30–49 | 775 | 492 |
| Low | score 15–29 | 269 | 175 |
| Minimal | score <15 | 16 | 13 |
New Mexico vs. national average
What the New Mexico numbers actually mean
DMARC posture. New Mexico's share of carrier domains with no enforced DMARC sits at 79.1% — within 1.0 points of the national average. enforced p=reject DMARC adoption is roughly in line with the national pool — meaning most New Mexico domains either have no DMARC at all or are stuck at the monitor-only p=none policy. At the protective end of the distribution, 8.4% of New Mexico domains are at p=reject — the only DMARC policy that actually instructs receivers to drop spoofed mail.
Microsoft 365 surface. Microsoft 365 mailflow adoption sits below the national rate, which shifts the remediation surface toward self-hosted and Google Workspace estates where DMARC has to be configured at the DNS layer rather than flipped on in a tenant policy. That share is 20.1% of all New Mexico carriers — a one-flag-flip remediation set that any regional MSP or in-house IT lead can clear in a single quarter.
Transport encryption. MTA-STS adoption — the encrypted-transport policy that prevents DNS-downgrade interception — runs above the national rate, but the absolute floor is still under 9%, well short of where freight payment flows should sit. DNSSEC adoption in New Mexico runs at 6.1% (vs 6.1% national) — meaningful for downstream DKIM and MTA-STS validation, but still a minority signal.
Risk-band shape. New Mexico's critical-band share is 7.7% versus 8.4% nationally, with the pressure shifting into the high band (27.5% of state carriers) where one or two control gaps still leave room for impersonation. The composite pain score blends SPF posture, DMARC enforcement, MTA-STS presence, and DNSSEC — so a carrier clusters in the critical band only when several controls fail together. Remediation that flips DMARC to enforcement plus turns on MTA-STS typically moves a carrier two bands down in one quarter.
What this means for buyers and shippers. If you are dispatching freight, settling broker payments, or receiving rate confirmations from New Mexico-based carriers, the operational exposure is the 79.1%of domains that cannot stop a stranger from sending email in the carrier's name. Payment-redirect and load-redirect fraud rides on exactly that gap. Verifying a counterparty's DMARC posture before a first wire — a 30-second DNS lookup — is the cheapest control in the freight stack.
Compare New Mexico with other states
States closest in carrier-count rank to New Mexico. Each is scored on the same DNS-derived control set, so the comparison is apples-to-apples.
See where your own domain stands
The research is free and self-serve. Run the same public checks on your own domain in about a minute — SPF, DKIM, DMARC, MTA-STS, DNSSEC, and more — and get a scored report by email. No agents, no credentials.
Data as of 2026-05-20from public DNS measurements. Statistics are domain-weighted unless noted. State scope is the carrier's FMCSA-registered state. Methodology: read the full index.