The number of Internet domains with active, valid DMARC records as measured at the end of September was over triple the figure from 12 months earlier. Using data supplied by Farsight Security through Q3 2016, the figure was 62,066 domains. Updated with data captured through Q3 2017, that figure rose to 193,958 domains. The following graph tracks this figure from when the DMARC protocol was first published:
To be considered active, a valid DMARC DNS record for a domain must be captured at some point in the data collection period. In addition, when the statistics for the graph above are being developed, a valid DMARC DNS record for that same domain must still be available via a normal DNS lookup. Any domain that had previously published such a record, but whose record cannot be retrieved when the most recent update is being processed, is no longer recorded as active. No differentiation or breakdown based on the DMARC mail receiver policy (cf. RFC 7489 section 6.3) published within the DMARC DNS record, such as “p=none” versus “p=reject”, is made at this time.
Farsight Security’s DNSDB dataset captures anonymized DNS request/response data from numerous nameservers around the Internet. When a server on the Internet receives an email message and tries to look up a DMARC record related to the sending domain, Farsight captures the request and any response. While examining all the email flowing across the Internet would provide conclusive data, this dataset is the best means available at this time of sampling general DNS activity related to real-world DMARC use.
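The two-part "active" test described above can be sketched as follows. This is an added example, not the code used to produce these statistics: the validity check is a simplified reading of RFC 7489 (an assumption), the function names are hypothetical, and the domains and TXT answers are constructed sample data. It also returns each active domain's policy, which the published figures do not break down.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
VERSION = re.compile(r"\s*v\s*=\s*DMARC1\s*(;|$)")  # version tag must come first

def parse_tags(txt):
    """Split a DMARC TXT string into a tag dict; None if a part has no '='."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            return None
        tags[name.strip()] = value.strip()
    return tags

def policy_of(txt_records):
    """Return p= if the TXT set holds exactly one valid DMARC record, else None."""
    # RFC 7489 6.6.3: discard TXT records that do not start with v=DMARC1;
    # zero or several survivors means no policy is discovered.
    candidates = [t for t in txt_records if VERSION.match(t)]
    if len(candidates) != 1:
        return None
    tags = parse_tags(candidates[0]) or {}
    # Simplification (assumption): a missing or unknown p= makes the record invalid.
    policy = tags.get("p", "").lower()
    return policy if policy in POLICIES else None

def active_domains(captured, current):
    """Domains valid in the passive-DNS capture AND still valid on re-lookup."""
    active = {}
    for domain, seen in captured.items():
        now = policy_of(current.get(domain, []))
        if policy_of(seen) and now:
            active[domain] = now
    return active

# Constructed sample data: TXT answers for _dmarc.<domain>.
CAPTURED = {d + ".example": [r] for d, r in {
    "a": "v=DMARC1; p=none; rua=mailto:d@a.example", "b": "v=DMARC1; p=reject",
    "c": "v=DMARC1; p=quarantine", "d": "v=DMARC1; p=monitor",
    "e": "v=DMARC1; p=none"}.items()}
CURRENT = {
    "a.example": ["v=DMARC1; p=none; rua=mailto:d@a.example"],
    "b.example": [],                                              # record withdrawn
    "c.example": ["v=DMARC1; p=quarantine", "v=DMARC1; p=none"],  # duplicate records
    "d.example": ["v=DMARC1; p=monitor"],                         # invalid policy value
    "e.example": ["v=spf1 -all", "v=DMARC1; p=Reject; pct=100"],  # stray TXT ignored
}

if __name__ == "__main__":
    print(active_domains(CAPTURED, CURRENT))
```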