The Farsight dataset begins before the initial DMARC standard was first published. This offers an excellent opportunity to study the uses and adoption of the protocol as it matures.

NOTE: This dataset does not cover the entire Internet, therefore none of the studies appearing below represents Internet-wide figures. They may differ greatly from studies conducted using other datasets. However the trends within this set, the changes over time, are believed to be representative of Internet-wide trends and therefore provide valuable insight.

Adoption

This section examines two aspects of DMARC deployment: Companies deploying DMARC for the first time, and how many of those companies continue to use it.

These graphs provide a cumulative view of the first time domains have published a valid DMARC record – and still have some kind of DMARC record published at the end of the period charted.

Graph

The following graph shows the same graph of domains that have published and kept DMARC records, but the secondary plot is the number of new domains publishing a DMARC record for the first time in that month.

Graph

Dropouts

Any new protocol should expect to see organizations both adopt it and abandon it. Some will try it and find they don’t need it, others may for unrelated reasons cease operation. Some may be temporary deployments to see what the protocol can do, perhaps leading to other deployments in production domains. And some may be part of the automated setup and tear-down of domains created temporarily for potentially fraudulent purposes.

This graph shows the number of domains where DMARC records are observed for the first and last times. Some domains first publish in one month, and are last seen in another. Other domains publish for a short enough time they are never seen again. This graph makes no distinction, but future research will focus on those transient domains.

Graph

When SPF was first introduced, the most aggressive group to deploy the technology was spammers. This is a practice we saw repeated with DKIM as criminals tried to gain some advantage by blending in with organizations adopting these new practices. Looking at the first two quarters of 2016 in the graph above, we may be seeing adoption by legitimate domains accelerating far beyond the use by fraudsters on the disposable domains they configure for their campaigns, which quickly disappear.