The Farsight dataset begins before the initial DMARC standard was first published. This offers an excellent opportunity to study the uses and adoption of the protocol as it matures.
NOTE: This dataset does not cover the entire Internet, therefore none of the graphs below represents Internet-wide figures. They may differ greatly from studies conducted using other datasets. However the trends within this set, the changes over time, are believed to be representative of Internet-wide trends and therefore provide valuable insight.
This section shows the number of domains that first published a DMARC policy in a given month, provided they still have a DMARC policy published when this dataset was evaluated. In other words a domain that first published a DMARC policy in January 2016 will be included in the figure for January 2016, provided the domain still had a valid DMARC policy published in January 2021 (for a dataset that covers through the end of CY2020).
The graph above only shows the data from 2015 through 2020, but a similar graph starting in 2012 is available here. In November 2018 there was a surge of over 5MM new DMARC records published, most of them at unusual labels like _dmarc.mx.mx.mx.example.com, believed to be from a single hosting organization. Most of those records may have been mistakes as they were no longer published by 2020, but even without them the number of published records increased by nearly 50% in that month.
The following graph covers the same set of domains, but shows the number of valid DMARC records published for the first time in each month. The chart starts in January 2017 because the large scale needed for later months would make the earlier monthly totals invisible.
These graphs try to show the relative proportion of each DMARC policy option among all the active, valid DMARC records in the dataset. First is the overall policy mix at the end of CY2020, followed by a chart of the policy mix as captured every six months over the past several years.
The following graph shows the policies at the end of the past several years. There is a gradual decrease in the number of domains publishing a “p=none” policy, with a corresponding gradual increase in the “p=quarantine” and “p=reject” policies.