An independent cybersecurity review across many of California’s largest title companies reveals a wide range of results. With buyers wiring six-figure sums at closing, weak email authentication is a direct path to business email compromise (BEC) and wire fraud.
Using data from audit.emailmenow.com, we evaluated each company’s domain across SPF, DKIM, DMARC, transport security (MTA-STS/TLS), and website security headers.
Cybersecurity Scores of Major California Title Companies
Overall compliance scores from audit.emailmenow.com. Re-run any domain at the link to verify.
| Rank | Company | Domain | Overall Score | Performance Level |
|---|---|---|---|---|
| 1 | Chicago Title (FNF) | ctt.com | 84% | Strong |
| 2 | Stewart Title | stewart.com | 70% | Strong |
| 3 | Glen Oaks Escrow | glenoaksescrow.com | 68% | Good |
| 4 | Old Republic Title | ortc.com | 64% | Good |
| 5 | Placer Title | placertitle.com | 61% | Above Average |
| 6 | First American Title | firstam.com | 60% | Above Average |
What the Results Reveal
- Scores span 84% (Chicago Title) down to 60% — California’s title sector is one of the stronger cohorts we reviewed, though even the floor leaves room to improve.
- Regional players hold their own against the national underwriters (Glen Oaks Escrow 68%, Placer Title 61%).
- Without an enforced DMARC policy, criminals can send “updated wiring instructions” that look exactly like the title company — and the buyer wires funds to a fraudulent account.
Why This Matters for Title Companies
Wire-transfer fraud almost always starts with a spoofed or look-alike email. The FTC Safeguards Rule applies, and an enforced DMARC policy is the single highest-impact fix for this sector.
Check any company’s posture at audit.emailmenow.com/?industry=title-companies.
See also — national audit
Recommendations
- Enforce DMARC (
p=reject), strict SPF (-all), and DKIM signing. - Add MTA-STS and website security headers.
- Adopt verified call-back procedures for any change to wiring instructions, and train every closer.
Stop wire fraud before it starts. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=title-companies.
Contact EmailMeNow IT Consulting for help with securing your closing communications.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.