The Farsight dataset begins before the initial DMARC standard was first published. This offers an excellent opportunity to study the uses and adoption of the protocol as it matures.
NOTE: This dataset does not cover the entire Internet, therefore none of the graphs below represents Internet-wide figures. They may differ greatly from studies conducted using other datasets. However the trends within this set, the changes over time, are believed to be representative of Internet-wide trends and therefore provide valuable insight.
This section shows the number of domains that first published a DMARC policy in a given month, provided they still have a DMARC policy published when this dataset was evaluated. In other words a domain that first published a DMARC policy in January 2016 will be included in the figure for January 2016, provided the domain still had a valid DMARC policy published in January 2020 (for a dataset that covers through the end of CY2019).
There are two spikes in new records worth noting. In July 2014 there was a 127% increase in a single month as the industry responded to AOL and Yahoo! decisions to publish “p=reject” policies for their customer-facing domains a few months earlier. And in November 2018 there was a surge of over 5MM new DMARC records published, most of them at unusual labels like _dmarc.mx.mx.mx.example.com, believed to be from a single hosting organization. Most of those records may have been mistakes as they were no longer published by 2020, but even without them the number of published records increased by nearly 50% in that month alone.
The following graph covers the same set of domains, but shows the number of valid DMARC records published for the first time in each month. The chart starts in January 2017 because the large scale needed for later months would make the earlier monthly totals invisible.
The mix of policies has changed over the course of the year. This is unsurprising given the large increase in the number of policies in absolute terms; assuming there are a large number of first-time adopters, one would assume the number of “p=none” policies would increase as an overall proportion. Here is a comparison of the overall policy mix between CY2018 and CY2019.
This graph shows the total number of valid DMARC records that appeared for the first time in that month (“Total Added”), versus the number that first appeared in that month but were no longer visible via DNS lookups in January 2020 (“Later Removed”).
Any new protocol should expect to see organizations both adopt it and abandon it. Some will try it and find they don’t need it, others may for unrelated reasons cease operation. Some may be temporary deployments to see what the protocol can do, perhaps leading to other deployments in production domains. And some may be part of the automated setup and tear-down of domains created temporarily for potentially fraudulent purposes.
The gap between these two lines reflects the number of active DMARC records added each month.