Federal government sites made gains according to OTA's criteria but still found themselves trailing other sectors. OTA found that only 58 percent of the top 50 federal sites had implemented email authentication (SPF or DKIM), up from 38 percent in 2011. The federal sites averaged a score of 68 in their implementation of SSL on a 1 to 100 scale; 26 percent have implemented EVSSL and 70 percent have implemented DNSSEC.

FDIC sites did somewhat better. OTA found 69 percent of the top 100 FDIC sites had implemented email authentication. The FDIC sites averaged 76 in their implementation of SSL on a 1 to 100 scale; 55 percent had implemented EVSSL. The sites averaged a privacy score of 58.52 on a 1 to 100 scale.

Meanwhile, 97 percent of the top 100 ecommerce sites have implemented email authentication, and their average SSL implementation scored 75.88 on a scale of 1 to 100. They averaged a privacy score of 61.16 on a scale of 1 to 100.