Education Email Security Dataset

Full Lokentra ESI Registry

Total domains DNS-profiled	406,680
Domains alive (resolving)	391,984 (96.4%)
Public sector entities	69,892
For-profit businesses (SAM.gov)	273,713
Nonprofits (IRS BMF)	84,272
States covered	50 + DC
DNS record types per domain	7
Entity schema fields	40

Education Segment This Brief

K-12 districts + charter LEAs	22,741
Higher education institutions	3,246
Total education entities	25,987
K-12 with website / domain	18,274
K-12 with phone + address	19,281 (100%)
K-12 with NCES LEAID (join key)	19,281
K-12 data freshness	2024-2025

What Makes This Dataset Unique

1. No comparable dataset exists

The U.S. Census Bureau's Census of Governments counts entities but provides no internet domains or email provider data. NCES CCD/IPEDS cover enrollment and finance but no technology infrastructure. This is the only dataset linking every U.S. K-12 district and accredited institution to its full DNS profile, email provider, security gateway status, and authentication posture.

2. Entity-attributed, not domain-sampled

Unlike threat intelligence feeds that start from domain lists, this dataset starts from authoritative government rosters and works forward to DNS. Every record is attributed to a named entity with type, subtype, state, county, and source provenance. Researchers can join to NCES, Census, or SAIPE datasets by district name, state, and county.

3. Full DNS security stack, not just DMARC

Each domain is profiled across the complete email authentication stack: SPF record presence and qualifier • DKIM public key across common selectors • DMARC policy level • MX provider classification • Gateway proxy detection • Underlying provider inference via SPF analysis

Key Findings 5 headline results

Finding 1: K-12 is Google’s stronghold — a 4:1 ratio over Microsoft

Segment	Google Workspace	Microsoft 365	Ratio
K-12 school districts	8,611	2,159	4.0 : 1
Higher education	579	1,680	1 : 2.9

First empirical quantification at national scale. K-12 overwhelmingly uses Google Workspace (free Education tier). Higher ed inverts the pattern, favoring Microsoft 365.
Research angles: cloud vendor lock-in, procurement drivers, EdTech ecosystem effects, digital equity.

Finding 2: Half of K-12 districts lack DMARC — vulnerable to spoofing

Protocol	K-12	Higher Ed	National Avg
MX records	85.7%	93.3%	81.0%
SPF	79.1%	90.5%	75.9%
DMARC (any)	51.7%	86.1%	47.2%
DMARC reject	~25%	~55%	~22.6%

48.3% of K-12 domains have no DMARC record. These districts can be impersonated via email spoofing — a direct phishing vector against parents, staff, and students. Higher ed leads by 34.4 percentage points.

Finding 3: K-12 districts rarely deploy email security gateways

Entity Type	Domains with MX	Using Gateway	Rate
Higher education	2,767	564	20.4%
K-12	12,607	1,033	8.2%

Districts with gateways show +22.7pp DMARC uplift and +8.1pp SPF uplift over non-proxied domains.

Finding 4: State-by-state variation reveals policy effects

The dataset covers all 50 states + DC with per-state breakdowns. States with centralized IT governance show higher adoption; states with fragmented district structures show lower adoption. Rural vs urban district size correlates with security posture.

Finding 5: Provider choice predicts security

Provider Category	SPF	DMARC	Gap
Email Security Proxy	97.3%	75.7%	21.6pp
Enterprise Cloud (Google/M365)	93.2%	60.4%	32.8pp
Budget Hosting (GoDaddy, IONOS)	51.3%	23.8%	27.5pp

Districts using GoDaddy email: 7.3% SPF — effectively unprotected. The vendor ecosystem determines the security floor.

Dataset Schema Education-Relevant Fields

Field	Type	Description
`entity_name`	string	Official district or institution name
`entity_type`	enum	`k12` or `higher_ed`
`entity_subtype`	string	school_district, charter_org, community_college, university, etc.
`state`	string	Two-letter USPS code
`county`	string	County name
`primary_domain`	string	Apex domain (e.g., springisd.org)
`mx_provider`	string	Classified email provider
`has_spf` / `has_dkim` / `has_dmarc`	boolean	Protocol presence flags
`dmarc_policy`	string	none, quarantine, reject
`email_proxy`	string	Security gateway service (Barracuda, Proofpoint, etc.)
`underlying_provider`	string	Real mailbox platform behind gateway
`dns_score`	integer	0–100 composite security score
`grade`	string	A / B / C / D / F
`source_name` / `source_url`	string	Authoritative collection source with URL
NEW — CCD 2024-2025 Fields
`nces_leaid`	string	NCES LEA ID — canonical join key to NCES finance, enrollment, demographics
`phone`	string	District main phone number
`physical_address`	string	Physical street address
`mailing_address`	string	Mailing address
`grade_low` / `grade_high`	string	Grade span (e.g., PK to 12)
`operational_schools`	integer	Number of operational schools in district
`lea_type`	string	LEA type (regular, charter agency, regional, specialized, etc.)
`charter_flag`	string	Charter status (NOTCHR, CHRTIDEAESEA, etc.)

ESI Scoring Rubric 100-point scale

SPF — 30 points

Configuration	Points
`-all` (hard fail)	30
`~all` (soft fail)	15
`?all` or `+all`	5
No SPF record	0

DKIM — 30 points

Configuration	Points
DKIM public key published	30
No DKIM key found	0

Selectors checked: google, mail, selector1, selector2, s1, s2, k1

DMARC — 40 points (highest weight)

Configuration	Points
`p=reject` (full enforcement)	40
`p=quarantine`	20
`p=none` (monitoring only)	10
No DMARC record	0

DMARC receives 40% weight because it is the only protocol that prevents spoofing in the From: header — the field end users actually see.

Composite Grade

90–100 — Full enforcement (SPF hard fail + DKIM + DMARC reject)

70–89 — Strong posture, minor gaps

50–69 — Partial protection (K-12 national average)

30–49 — Weak: missing DKIM or DMARC

0–29 — Minimal or no authentication

What the grades mean for education:
Grade A district — Parents and staff cannot receive spoofed email from this domain.
Grade C district (K-12 average) — SPF present, but no DMARC. An attacker can send email appearing to come from superintendent@district.org and it lands in inboxes.
Grade F district — No email authentication. Any sender can impersonate any address at this domain.

Beyond Education: Cross-Sector Benchmarking Available

The ESI scoring rubric is applied uniformly across our full entity registry. Researchers who need broader context can access scored datasets for:

For-profit businesses
Sourced from SAM.gov federal entity registrations • 273,713 domains • DNS-profiled and graded

Nonprofits
Sourced from IRS Business Master File (BMF) • 84,272 domains • DNS-profiled and graded

How does K-12 email security compare to the nonprofit sector? Do SAM.gov-registered contractors outperform the school districts they serve? Education-only purchasers can add sector packs later without re-licensing.

Research Applications

Education Policy Researchers

Cybersecurity readiness — Which states/districts are most vulnerable?
Federal mandate gap — BOD 18-01 covers federal agencies; what would a K-12 equivalent look like?
Digital equity — Do rural, underfunded districts have worse security?
State policy effectiveness — Do cybersecurity mandates improve K-12 adoption?

EdTech & Procurement Researchers

Cloud adoption — Quantify Google vs Microsoft split across education
Vendor lock-in — How does free Google Workspace for Education affect switching?
Gateway market — Which vendors serve education? What's the curve?
TAM — 8,200+ K-12 districts without email security gateways

Cybersecurity Researchers

Phishing risk modeling — Map authentication gaps to phishing exposure at district level
DMARC barriers — Why do 48% of K-12 districts lack DMARC despite having SPF?
Provider-security causality — Does Google's auto-provisioning of SPF explain the gap?
Longitudinal tracking — Baseline for measuring future adoption progress

Delivery Format

CSV / Parquet	Flat files, one row per entity
SQLite database	Pre-indexed by state, type, provider, grade
API access	RESTful query with filtering & aggregation
Interactive dashboard	Web-based explorer with drill-down

All deliveries include methodology docs, source provenance, data dictionary, and reproducibility scripts.

Pricing Tiers

Tier	Scope
State Pack	Single state, all education entities
K-12 National	All 22,741 K-12 districts + charters, 50 states
Higher Ed National	All 3,246 institutions, 50 states
Full Education	K-12 + Higher Ed combined
Full Public Sector	All 69,892 entities (all types)
API + Updates	Quarterly re-scan, API access

Competitive Positioning

Capability	This Dataset	NCES CCD/IPEDS	Threat Intel	Censys/Shodan
Entity-attributed (named districts)	Yes	Yes	No	No
All 50 states + DC	Yes	Yes	Partial	—
Email provider classification	Yes	No	No	Partial
DMARC/SPF/DKIM posture	Yes	No	Yes	No
Email gateway detection	Yes	No	Partial	No
Underlying provider inference	Yes	No	No	No
K-12 + Higher Ed combined	Yes	Separate	No	No
Education-sector benchmarks	Yes	No	No	No

Try a free email security scorecard for any education domain

Get Your Free Scorecard →

Contact: research@monitorworkspace.com

U.S. Education Email Security Intelligence Dataset

Full Lokentra ESI Registry

Education Segment This Brief

What Makes This Dataset Unique

1. No comparable dataset exists

2. Entity-attributed, not domain-sampled

3. Full DNS security stack, not just DMARC

Key Findings 5 headline results

Finding 1: K-12 is Google’s stronghold — a 4:1 ratio over Microsoft

Finding 2: Half of K-12 districts lack DMARC — vulnerable to spoofing

Finding 3: K-12 districts rarely deploy email security gateways

Finding 4: State-by-state variation reveals policy effects

Finding 5: Provider choice predicts security

Dataset Schema Education-Relevant Fields

ESI Scoring Rubric 100-point scale

SPF — 30 points

DKIM — 30 points

DMARC — 40 points (highest weight)

Composite Grade

Beyond Education: Cross-Sector Benchmarking Available

Research Applications

Education Policy Researchers

EdTech & Procurement Researchers

Cybersecurity Researchers

Delivery Format

Pricing Tiers

Competitive Positioning