The Farsight dataset begins before the initial DMARC standard was first published. This offers an excellent opportunity to study the uses and adoption of the protocol as it matures.

NOTE: This dataset does not cover the entire Internet, therefore none of the studies appearing below represents Internet-wide figures. They may differ greatly from studies conducted using other datasets. However the trends within this set, the changes over time, are believed to be representative of Internet-wide trends and therefore provide valuable insight.

Adoption

This section shows the number of domains that first published a DMARC policy in a given month, provided they still have a DMARC policy published when this dataset was evaluated. In other words a domain that first published a DMARC policy in January 2016 will be included in the figure for January 2016, provided the domain still had a valid DMARC policy published in January 2018 (for a dataset that covers through the end of CY2017).

Graph

The following graph covers the same set of domains, but shows the number of domains publishing a DMARC record for the first time in each month. The chart starts in January 2015 simply to avoid a large number of earlier months whose totals wouldn’t be visible.

Graph

Dropouts

This graph shows the total number of domains where DMARC records are observed for the first time (“Total Added”), and the number from that month that were no longer visible via DNS lookups in October 2017 (“Later Removed”).

Any new protocol should expect to see organizations both adopt it and abandon it. Some will try it and find they don’t need it, others may for unrelated reasons cease operation. Some may be temporary deployments to see what the protocol can do, perhaps leading to other deployments in production domains. And some may be part of the automated setup and tear-down of domains created temporarily for potentially fraudulent purposes.

Graph

When SPF was first introduced, the most aggressive group to deploy the technology was spammers. This is a practice we saw repeated with DKIM as criminals tried to gain some advantage by blending in with organizations adopting these new practices. Looking at the first two quarters of 2016 in the graph above, we appear to see permanent adoption accelerating far beyond the temporary deployments.