Over the course of 2018 the number of valid DMARC policies published in the DNS increased a little over two and a half times, based on analysis of data from Farsight Security. At the end of 2017 there were 240,151 DMARC policies published, and at the end of 2018 this figure was roughly 630,000. (The final figure is pending investigation of a number of suspicious records.)

The graph below shows the total number of valid DMARC records confirmed to be available through DNS queries at the end of 2016, 2017, and 2018.

DMARC.org uses DNS transaction data supplied by Farsight Security that includes anonymized requests for DMARC records, and the corresponding responses, captured by their sensors at various strategic points on the Internet. DMARC.org weeds out invalid and malformed DMARC records, and makes sure the remaining records are still being served by looking them up in DNS.

Since this work is performed close to the end of the period in which the data was captured, the result is a reasonable point-in-time figure for the portion of the Internet covered by Farsight’s sensors. It is unlikely to include all DMARC records published or in use on the Internet, but it is a stable subset that provides a useful picture of adoption and usage over time.

DMARC.org thanks Farsight Security for making this data available for research purposes.