Loading map data…
A map showing which provider handles official email for municipalities worldwide — based on public DNS records. US-based providers (Microsoft, Google, AWS) are subject to the US CLOUD Act, which allows US authorities to request stored data regardless of where it is hosted. This raises data sovereignty concerns across jurisdictions.
For each municipality domain, DNS records (MX, SPF, CNAME, DKIM, autodiscover, TXT) are queried and classified in priority order: MX hostname or CNAME matching a known provider; gateway look-through via SPF, autodiscover, DKIM, and TXT verification tokens when MX points to a security gateway (FortiMail, Barracuda, Hornetsecurity, etc.) — SPF is only trusted when exactly one backend provider is found, and TXT tokens (e.g., MS=, google-site-verification=) are only used as a last resort behind gateways; DKIM check for unrecognized MX hosts to detect hidden backends (e.g., self-hosted MX with Microsoft 365 DKIM); local provider by matching MX server ASN to known local ISPs, government mail infrastructure, and municipal IT cooperatives; or self-hosted if no known provider or ISP is detected. DKIM is the most reliable signal — a CNAME proving a provider signs mail for the domain is definitive proof of mail hosting.