Back to news
Cybersecurity Alert
July 13, 2026 by EmailMeNow IT Consulting

Texas Public University Systems vs Private Universities: Email Security Audit 2026

Side-by-side audits of UT System, Texas A&M System, and leading private Texas universities. St. Thomas leads privates at 69%; Rice and SMU sit at 44%. None reach the 100% ideal domain security score.

NewsEmail SecurityTexasHigher EducationCybersecurity
Comparison chart of Texas public university systems versus private university email security scores

Texas higher education is split between large public systems and well-known private universities. We audited system apex domains and representative private campuses on July 13, 2026, scoring each against the 100% ideal.

Public Systems vs Private Campuses

TypeInstitutionDomainOverallIdentityTransportWebsiteLevel
Public systemTexas A&M University Systemtamus.edu62%70%15%45%Above Average
Public systemThe University of Texas Systemutsystem.edu54%50%15%45%Average
PrivateUniversity of St. Thomas – Houstonstthom.edu69%65%45%70%Above Average
PrivateTexas Christian Universitytcu.edu58%25%15%92%Average
PrivateUniversity of Dallasudallas.edu56%20%15%92%Average
PrivateRice Universityrice.edu44%25%15%45%Below Average
PrivateSouthern Methodist Universitysmu.edu44%25%15%45%Below Average

Flagship public campuses (for context)

InstitutionDomainOverallIdentityTransportWebsite
Texas A&M Universitytamu.edu76%65%45%92%
UT Austinutexas.edu54%50%15%45%

Illustration: Texas public-system CIO and private-university CISO comparing DMARC dashboards below the 100% ideal

Takeaways

FindingDetail
Ideal scoreNobody in this set reached 100% overall
Best privateSt. Thomas – 69% (also a recent OAG filer)
System vs flagshipA&M campus (76%) beats A&M System apex (62%) — foundations and admin domains often lag
Private identity trapRice/SMU/TCU/UD identity scores 20–25% invite spoofed advancement and admissions mail
Shared transport gapSystem apexes and most privates stuck at 15% transport

A strong website score (TCU/UD 92%) does not stop mail spoofing. After Nelson, Dallas, and SMU disclosures, weak identity becomes a follow-on phishing multiplier.

Website stack note

  • UT System (utsystem.edu): Drupal behind current (running 11; latest 11.4.2)
  • St. Thomas – Houston (stthom.edu): WordPress behind current (running 6.9.4; latest 7.0.1)

Priority Actions

Public systems: Align foundation, hospital, and Shared Services domains with the strongest campus DMARC policy — spoofed @tamus.edu / @utsystem.edu procurement mail is high-ROI for attackers.

Private universities: Move identity from ~25% to reject; pair with MTA-STS enforce before the next advancement campaign cycle.


audit.emailmenow.com · Contact

Methodology: Audited July 13, 2026. 100% is the ideal.