The Farsight dataset begins before the initial DMARC standard was first published. This offers an excellent opportunity to study the uses and adoption of the protocol as it matures.
NOTE: This dataset does not cover the entire Internet, so none of the graphs below represents Internet-wide figures. They may differ greatly from studies conducted using other datasets. However, the trends within this set, the changes over time, are believed to be representative of Internet-wide trends and therefore provide valuable insight.
This section shows the number of domains that first published a DMARC policy in a given month, provided they still have a DMARC policy published when this dataset was evaluated. In other words, a domain that first published a DMARC policy in January 2016 will be included in the figure for January 2016, provided the domain still had a valid DMARC policy published in January 2020 (for a dataset that covers through the end of CY2019).
Note that in the graph above, there was a surge in DMARC records published at unusual labels, like _dmarc.mx.mx.mx.example.com, in November/December 2018. We have removed the records we could identify, but there are probably still bogus records present that have not yet been identified.
The following graph covers the same set of domains, but shows the number of valid DMARC records published for the first time in each month. The chart starts in January 2017 because the large scale needed for later months would make the earlier monthly totals invisible.
The mix of policies has changed over the course of the year. This is unsurprising given the large increase in the number of policies in absolute terms; assuming there are a large number of first-time adopters, one would assume the number of “p=none” policies would increase as an overall proportion. Here is a comparison of the overall policy mix between CY2018 and CY2019.
This graph shows the total number of valid DMARC records that appeared for the first time in that month (“Total Added”), versus the number that first appeared in that month but were no longer visible via DNS lookups in January 2020 (“Later Removed”).
Any new protocol should expect to see organizations both adopt it and abandon it. Some will try it and find they don’t need it; others may cease operation for unrelated reasons. Some may be temporary deployments to see what the protocol can do, perhaps leading to other deployments in production domains. And some may be part of the automated setup and tear-down of domains created temporarily for potentially fraudulent purposes.
The gap between these two lines reflects the number of active DMARC records added each month.
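The counting described above (month of first appearance, "Total Added" versus "Later Removed", and dropping unusual labels such as _dmarc.mx.mx.mx.example.com) can be reproduced over passive DNS rows as follows. This is an added example, not Farsight's code: the row layout, the validity test (v=DMARC1 first, p one of none/quarantine/reject), the three-repeated-labels heuristic and every sample row are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample rows, not Farsight data:
# (owner name, TXT rdata, first seen, last seen)
ROWS = [
    ("_dmarc.example.com", "v=DMARC1; p=none; rua=mailto:agg@example.com", date(2018, 11, 3), date(2020, 1, 20)),
    ("_dmarc.example.net", "v=DMARC1; p=reject", date(2018, 11, 9), date(2019, 4, 2)),
    ("_dmarc.mx.mx.mx.example.com", "v=DMARC1; p=none", date(2018, 11, 12), date(2020, 1, 20)),
    ("_dmarc.example.org", "v=DMARC1; p=quarantine; pct=50", date(2018, 12, 1), date(2020, 1, 18)),
    ("_dmarc.example.edu", "v=spf1 -all", date(2018, 12, 5), date(2020, 1, 18)),
    ("_dmarc.example.info", "v=DMARC1; p=monitor", date(2018, 12, 7), date(2020, 1, 18)),
]
EVALUATED = date(2020, 1, 1)  # assumed cutoff: last seen on/after this date = still published

def policy_of(txt):
    """Return the p= value of a well-formed DMARC record, else None."""
    tags = [t.strip() for t in txt.split(";") if t.strip()]
    if not tags or "".join(tags[0].split()) != "v=DMARC1":
        return None  # the version tag must come first
    pairs = {k.strip().lower(): v.strip().lower()
             for k, _, v in (t.partition("=") for t in tags[1:])}
    p = pairs.get("p")
    return p if p in {"none", "quarantine", "reject"} else None

def is_unusual_label(name):
    """Assumed heuristic: one label three times in a row, as in _dmarc.mx.mx.mx.example.com."""
    labels = name.lower().rstrip(".").split(".")
    return any(a == b == c for a, b, c in zip(labels, labels[1:], labels[2:]))

def monthly_counts(rows, evaluated=EVALUATED):
    """Map 'YYYY-MM' of first appearance -> total_added / later_removed / active."""
    spans = {}  # name -> (earliest first seen, latest last seen) over valid records
    for name, txt, first, last in rows:
        name = name.lower().rstrip(".")
        if not name.startswith("_dmarc.") or is_unusual_label(name) or policy_of(txt) is None:
            continue
        lo, hi = spans.get(name, (first, last))
        spans[name] = (min(lo, first), max(hi, last))
    out = defaultdict(lambda: {"total_added": 0, "later_removed": 0, "active": 0})
    for first, last in spans.values():
        month = out[first.strftime("%Y-%m")]
        month["total_added"] += 1
        month["later_removed" if last < evaluated else "active"] += 1
    return dict(out)

if __name__ == "__main__":
    for month, counts in sorted(monthly_counts(ROWS).items()):
        print(month, counts)
```

The "active" value per month is the gap between the two lines in the last graph; the unusual-label filter is deliberately conservative and will miss bogus names that do not repeat a label.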