An independent review of email security across many of Texas’s top law firms reveals a wide range of results. While some firms demonstrate relatively strong controls, others — including several highly prestigious names — show significant vulnerabilities.
Using data from audit.emailmenow.com, we evaluated the email and domain security posture of leading Texas firms across categories such as SPF, DKIM, DMARC, transport security, and website security headers.
Email Security Scores of Major Texas Law Firms
| Rank | Law Firm | Overall Score | Performance Level |
|---|---|---|---|
| 1 | Norton Rose Fulbright | 70% | Strong |
| 2 | Latham & Watkins | 64% | Good |
| 2 | Locke Lord | 64% | Good |
| 2 | Winstead | 64% | Good |
| 5 | Susman Godfrey | 61% | Above Average |
| 6 | Haynes and Boone | 60% | Above Average |
| 7 | Porter Hedges | 58% | Average |
| 8 | Sidley Austin | 54% | Average |
| 8 | Skadden | 54% | Average |
| 8 | Jones Walker | 54% | Average |
| 11 | Baker Botts | 50% | Below Average |
| 11 | Bracewell | 50% | Below Average |
| 13 | Jackson Walker | 48% | Below Average |
| 14 | Gibson, Dunn & Crutcher | 44% | Weak |
| 15 | Vinson & Elkins | 39% | Weakest |
Key Findings
- Best Performer: Norton Rose Fulbright leads with a solid 70% score.
- Lowest Performer: Vinson & Elkins scored the lowest at 39%, indicating significant gaps in email authentication and security controls.
- Many nationally prestigious firms (including several Vault-ranked elite firms) are scoring in the low-to-mid 50s, which is concerning given the sensitive nature of their work.
- Common weaknesses across lower-scoring firms include weak DMARC policies, missing or misconfigured MTA-STS, and insufficient website security headers.
Why This Matters
Even top-tier law firms with excellent legal reputations can be vulnerable to Business Email Compromise, domain spoofing, and phishing attacks if their email infrastructure is not properly secured. These weaknesses can expose client data and create professional liability risks under TDRPC 1.05 and SB 2610.
Recommendations
Law firms should prioritize:
- Implementing a strict DMARC policy (p=reject)
- Enabling MTA-STS and proper TLS reporting
- Regularly auditing email security configurations
- Conducting ongoing security awareness training for staff
Protect your firm.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com to see your firm’s current score and get specific recommendations.
Contact EmailMeNow IT Consulting for help improving your email security and overall compliance posture.
Prestige does not equal strong cybersecurity. Many of Texas’s most respected law firms still have meaningful work to do to protect client information.