DMARC.org Domain-based Message Authentication, Reporting & Conformance
Home | Overview | Resources | FAQ | Specification | Participate | About DMARC.org | News
Useful Presentations
DMARC Adoption in 1 Year

Mailbox Providers:

  • 60% of the world's email boxes are protected by DMARC, representing 1.976 billion accounts.
  • 80% of typical US customers are now protected by DMARC.

Senders:

  • 50% of the top 20 sending domains publish a DMARC policy
  • 60% of these domains publishing policy belong to companies not directly affiliated with DMARC.org
  • 70% of those domains contain a policy directing receivers take action against unauthenticated messages.

DMARC Specification

Related Specifications

The following specifications, listed alphabetically, are related to DMARC in various ways.

Authentication Failure Reporting Format (AFRF)

  • A new report sub-type extension for the Abuse Report Format (ARF) (see: RFC 5965)
  • Allows for relaying of forensic details regarding an authentication failure
  • Supports reporting of SPF and/or DKIM failures
    • For SPF, reports the client IP address and the SPF record(s) that were retrieved, producing a "fail" result
    • For DKIM, reports the canonicalized header and body that produced a failed signature, allowing forensic analysis by the signer to detect why the failure occurred
    • Also supports ADSP reporting of messages that weren't signed but should have been
  • This will be used by DMARC sites for reporting per-message failure details.
  • An aggregate reporting format is suggested within an appendix of the DMARC specification.

DomainKeys Identified Mail (DKIM)

  • DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
  • DMARC uses DKIM results as one method (SPF being the other) for receivers to check email.
  • More Information: DKIM.org

Sender Policy Framework (SPF)

  • SPF provides a method for validating the envelope sender domain identity that is associated with a message through path-based authentication.
  • DMARC uses SPF results as one method (DKIM being the other) for receivers to check email.
  • More Information: OpenSPF.org

Unless otherwise noted, all content on this website is (CC By 3.0) by DMARC.org, with technical contributions to the specification made according to the Open Web Foundation Contributor License Agreement (CLA 1.0)