Two vendors run 91% of the secure email gateway market for US public companies
6 days ago
- #SEC-compliance
- #market-concentration
- #email-security
- Public MX records analysis of 2,584 SEC EDGAR-linked entities revealed a dominant duopoly in the secure email gateway market, with Proofpoint and Mimecast accounting for 91.4% of non-mailbox vendor matches.
- Microsoft 365 is the most prevalent mailbox platform at 43.6% among identified entities, aligning with expectations for large US organizations, but the gateway layer shows high concentration in just two vendors.
- When isolating the secure email gateway market, excluding mailbox platforms like Microsoft and Google, the combined share of Proofpoint and Mimecast rises to 92.4% among the top three pure gateway vendors.
- Comparison with a broader tracked population shows the gateway duopoly is more concentrated in SEC-linked entities, with Proofpoint and Mimecast shares roughly doubling, indicating enterprise-focused sales strategies.
- The high concentration at the MX layer implies vendor incidents at Proofpoint or Mimecast can impact a large share of US public-company email simultaneously, creating shared dependencies and structural risks.
- Additional analysis of DMARC reporting and SPF layers reveals different vendor concentrations, dominated by Salesforce, Amazon SES, dmarcian, and DMARC Analyzer, showing weaker concentration compared to the MX layer.
- The methodology uses suffix-based MX hostname matching for vendor attribution, providing auditable results, but it only captures public MX layers, not integrated cloud email security or hidden gateways.