Often when people first hear about DMARC, their immediate reaction is, “That’s great! Who’s using it?” That’s a good question, because DMARC can only prevent fraudulent email from reaching inboxes when both senders and receivers have implemented it.
For convenience, we’ve collected a sample of notable organizations or domains that have published DMARC policies on this page. Some of these companies are in the early stages, collecting reports about their email traffic so they can understand their organization’s particular needs and implement email authentication appropriately to ensure all their messages are covered – these are listed in the first section.
The second section lists companies that have asked receivers to send messages that fail authentication to the Spam or Junk folder. This is commonly used as an incremental step before asking to have all such messages blocked. The third section lists companies that have asked receivers to not even accept messages using their domains that fail authentication.
You can check to see if any domain is using DMARC through one of the tools listed below. Just enter the domain you’re curious about, and these pages will retrieve that domain’s DMARC record from DNS and show it to you. Most of them will also explain what the different fields of the DMARC record mean.
- DMARC Inspector at Dmarcian
- SPF & DMARC Record Lookup at Online Trust Alliance
- DMARC Check at Return Path
Unfortunately there is no simple way to determine whether a receiver or “mailbox provider” – meaning your Internet or mobile provider, or your employer – uses DMARC to filter incoming email messages. However by collecting information from public announcements, professional contacts, and other channels we have been able to compile the following list of receivers that we understand currently use DMARC to filter incoming messages. It is believed to be accurate, though not complete, when this article was being written.
- America Online (AOL)
- AT&T (US)
- Bell Canada
- Comcast* (US)
- GMail and Google Apps*
- Mail.ru (CIS, Eastern Europe, Russia)
- Microsoft – Hotmail.com, Live.com, Office 365, Outlook.com
- NetEase (Asia, China)
- Nos (Europe, Portugal)
- Sky.com (Europe, United Kingdom)
- Verizon (US)
- Virgin Media (Europe)
- XS4All (Europe, Holland/Netherlands)
- Xtra (Australia)
- Yandex (Europe)
Some of these companies operate under multiple consumer-facing domains, and it may not be easy to recognize that they are using DMARC to protect the domain you use. DMARC.org hopes to provide an easier lookup method in the near future.
* Comcast and Google are sponsors of DMARC.org