The number of valid DMARC policies observed in the DNS increased by roughly 300% over the course of 2019, based on analysis of data from Farsight Security. At the end of 2018 there were roughly 630,000 valid DMARC policies published, and at the end of 2019 this figure was 1.89 million. (See similar announcements from 2017 and 2018.)
The graph below shows the number of valid DMARC records from the Farsight dataset that were confirmed to still be published in the DNS at the middle and end of each calendar year shown.
DMARC.org uses DNS transaction data supplied by Farsight Security that includes anonymized requests for DMARC records, and the corresponding responses, captured by their sensors at various strategic points on the Internet. DMARC.org weeds out invalid and malformed DMARC records, and makes sure the remaining records are still being served by looking them up in DNS.
Since this validation is performed in the month following the end of the quarter in which the data was captured, the result is a reasonable point-in-time figure for the portion of the Internet covered by Farsight’s sensors. It is unlikely to include all DMARC records published or in use on the Internet, but it is a stable subset that provides a useful picture of adoption and usage over time.
DMARC.org thanks Farsight Security for making this data available for research purposes.