The biggest global mailbox providers – AOL, Google*, Hotmail/Microsoft, NetEase, Yahoo – have been using DMARC to filter out fraudulent email sent to their users from the beginning. But readers have told us that some major North American ISPs are also using DMARC to protect their customers. We like to recognize these ISPs for using DMARC and email authentication to protect their customers.

Community members have indicated that the following ISPs are using DMARC to filter out fraudulent messages that might otherwise reach the inboxes they provide:

  • AT&T
  • Comcast*
  • Rogers
  • Verizon

This is great news for the customers of these companies, since it completes the circle of protection started when their bank, healthcare provider, or school implements DMARC to protect the messages they send. In such cases, the most insidious and effective means of launching phishing attacks against the customers of these senders are mitigated.

We believe this information is accurate, but there may be details the submitters were unaware of. And there may be other ISPs who have implemented inbound DMARC filtering but we haven’t heard of their efforts yet. In any case, if there’s an ISP we’ve incorrectly listed or left off, and you have direct knowledge of the situation, please use our ISP Feedback form to provide an update.


* Comcast and Google are sponsors of