An independent cybersecurity review across many of Texas’s largest auto dealerships reveals a wide range of results. While some groups demonstrate relatively strong controls, others show significant vulnerabilities that put customer finance data at risk.
Using data from audit.emailmenow.com, we evaluated each dealership’s domain across SPF, DKIM, DMARC, transport security (MTA-STS/TLS), and website security headers.
Cybersecurity Scores of Major Texas Auto Dealerships
Overall compliance scores from audit.emailmenow.com, measured June 2, 2026. Re-run any domain at the link to verify.
| Rank | Dealership Group | Domain | Overall Score | Performance Level |
|---|---|---|---|---|
| 1 | Park Place Dealerships | parkplace.com | 64% | Good |
| 1 | Bert Ogden Auto Group | bertogden.com | 64% | Good |
| 3 | Mac Haik Auto Group | machaik.com | 54% | Average |
| 3 | Fred Haas Toyota | fredhaastoyota.com | 54% | Average |
| 3 | DeMontrond Auto Group | demontrond.com | 54% | Average |
| 6 | Gillman Automotive Group | gillmanauto.com | 50% | Below Average |
| 6 | AutoNation USA | autonationusa.com | 50% | Below Average |
| 8 | Vandergriff Chevrolet | vandergriffchevrolet.com | 48% | Below Average |
| 9 | Sewell Automotive | sewell.com | 45% | Weak |
| 10 | Group 1 Automotive | group1auto.com | 44% | Weak |
| 10 | Classic Chevrolet | classicchevrolet.com | 44% | Weak |
| 10 | Huffines Auto Dealerships | huffines.net | 44% | Weak |
| 10 | Allen Honda | allenhonda.com | 44% | Weak |
| 14 | Sterling McCall Auto Group | sterlingmccall.com | 30% | Weakest |
What the Results Reveal
- No dealership scored above 64% — even the leaders, Park Place and Bert Ogden, fall short of a strong (85%+) posture.
- The largest cluster sits at 44%, including national-scale groups like Group 1 Automotive — a sign that enforced DMARC (
p=reject), strict SPF (-all), and transport protections (MTA-STS/DNSSEC) are widely missing. - Weak email authentication makes it easier for attackers to impersonate the dealership and intercept customer or lender communications — the core BEC and wire-fraud risk the FTC Safeguards Rule is meant to address.
Why This Matters for Auto Dealers
Auto dealers are classified as financial institutions under the FTC Safeguards Rule (16 CFR Part 314) and must maintain a documented information security program. Weak email authentication and transport security undermine that program and expose dealers to business email compromise (BEC) and wire fraud around vehicle deposits and floor-plan payments.
See also — national audit
Recommendations for Dealerships
- Move DMARC to an enforced policy (
p=reject) after validating legitimate senders. - Replace SPF SoftFail (
~all) with strict-all; enable DKIM signing. - Add MTA-STS, DNSSEC, and website security headers (HSTS, CSP).
- Maintain a written information security program and security awareness training for sales and F&I staff.
Protect your dealership and your customers. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=auto-dealers to evaluate your email security and FTC Safeguards readiness.
Contact EmailMeNow IT Consulting for help with email security hardening and a documented information security program.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com, measured June 2, 2026 — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.