By Cargo / Intermodal Containers
Intermodal Containers Carriers — Email Security
79.5% of active intermodal containers carrier domains have no enforced DMARC — leaving this segment open to email impersonation, payment-redirect fraud, and cargo theft via phishing.
No enforced DMARC
79.5%
national: 80.1%
p=reject
8.1%
national: 7.5%
Microsoft 365
36.9%
national: 38.1%
M365 + no DMARC (carriers)
2,761
national: 92,822
MTA-STS
3.5%
national: 3.3%
DNSSEC
8.5%
national: 6.1%
Dead domains
440
of 8,354 scanned
Total carriers
9,463
440 with dead domain
Risk bands — Intermodal Containers carriers
Carrier counts by risk band (composite email-security pain score). Critical = score 70+; Minimal = score <15.
| Risk band | Score range | Carriers | Domains |
|---|---|---|---|
| Critical | score 70+ | 674 | 621 |
| High | score 50–69 | 2,541 | 2,447 |
| Medium | score 30–49 | 4,344 | 3,570 |
| Low | score 15–29 | 1,393 | 1,216 |
| Minimal | score <15 | 71 | 60 |
Intermodal Containers vs. national average
What the Intermodal Containers numbers actually mean
Segment exposure framing. Intermodal freight crosses rail, ocean, and trucking handoffs — multiple counterparty emails per move means multiple impersonation surfaces per shipment.
DMARC posture. The intermodal containerssegment's share of carrier domains with no enforced DMARC sits at 79.5% — within 0.6 points of the national average. enforced p=reject DMARC adoption tracks the national pool — meaning most domains in this segment either have no DMARC at all or are stuck at the monitor-only p=none policy. At the protective end of the distribution, 8.1% of segment domains are at p=reject — the only DMARC policy that actually instructs receivers to drop spoofed mail.
Microsoft 365 surface. Microsoft 365 mailflow adoption tracks the national distribution closely, so the 2,761 M365 carriers in this segment with DMARC disabled represent the same "paid-for-but-switched-off" pattern that drives the national headline. That share is 29.2% of all intermodal containers carriers — a one-flag-flip remediation set that segment-specific MSPs can clear in a single quarter without touching DNS infrastructure.
Transport encryption. MTA-STS adoption sits at 3.5%, materially below the threshold a freight payment-redirect attacker would have to clear to be inconvenienced by transport-layer policy. DNSSEC adoption across intermodal containers carriers runs at 8.5% (vs 6.1% national).
Risk-band shape. Intermodal Containers's critical-band share is 7.1% versus 8.4% nationally, with the pressure shifting into the high band (26.9% of segment carriers) where one or two control gaps still leave room for impersonation.
Best-practice control for this segment. Intermodal shippers should require DMARC enforcement across all carrier and rail-side counterparties, and pin authorized contact identities into the TMS.
Compare Intermodal Containers with other cargo segments
Segments closest in carrier-count rank to Intermodal Containers. Each is scored on the same DNS-derived control set, so the comparison is apples-to-apples.
See where your own domain stands
The research is free and self-serve. Run the same public checks on your own domain in about a minute — SPF, DKIM, DMARC, MTA-STS, DNSSEC, and more — and get a scored report by email. No agents, no credentials.
Data as of 2026-05-20 from public DNS measurements. Statistics are domain-weighted unless noted. Cargo segment membership is based on FMCSA Company Census cargo flags. Methodology: read the full index.