RFC 4871 required the use of a DKIM RSA key length of at least 1,024 bits “for long-lived keys,” but also required that verifiers continue to support shorter keys. And many shorter keys were in common use even five years later, when Google’s 512 bit DKIM key was cracked and used to send spoofed email […]
DMARC Policies Up 84% for 2021
Over the course of 2021 the number of valid DMARC policies observed in use rose by 84%, to a total of nearly 5 million unique records, compared to the prior calendar year. This doubles the percentage increase seen in 2020, and reflects an acceleration of growth in the second half of the year. Starting with […]
DMARC policies increase 28% Through June 2021
The number of valid DMARC policies observed in the DNS increased by 28% over the first half of 2021, to a total of 3.46 million, based on analysis of data supplied by Farsight Security. This was double the growth rate during the same period in 2020, when roughly 330,000 new records reflected a 17% increase […]
DMARC Policies Increase 43% over 2020
The number of valid DMARC policies observed in the DNS increased by 42.9% over the course of 2020, to a total of 2.7 million, based on analysis of data supplied by Farsight Security. While this represents robust growth in DMARC adoption, it is significantly lower than the 250% to 300% observed over the previous few […]
DMARC Policies Increase 300% over 2019
The number of valid DMARC policies observed in the DNS increased by roughly 300% over the course of 2019, based on analysis of data from Farsight Security. At the end of 2018 there were roughly 630,000 valid DMARC policies published, and at the end of 2019 this figure was 1.89 million. (See similar announcements from […]
DMARC Policies Up 250% In 2018
Over the course of 2018 the number of valid DMARC policies published in the DNS increased a little over two and a half times, based on analysis of data from Farsight Security. At the end of 2017 there were 240,151 DMARC policies published, and at the end of 2018 this figure was roughly 630,000. (The […]
Report Estimates BEC Costs Avoided By DMARC
A report released by the Global Cyber Alliance in late October attempts to quantify the expenses avoided by the companies that they have helped to implement strict DMARC policies (quarantine or reject). The full report (available here) contains a wealth of information and quotes from GCA and industry partners, while the executive summary shares a […]
DMARC.org Presenting In Tokyo Nov 28th
DMARC.org Executive Director Steven Jones will be speaking about email authentication at TwoFive, Inc’s Cloud and Messaging Day event in Tokyo on Monday, November 28th. Also appearing will be Heikki Gruner of Cloudmark, and anti-spam campaigner Neil Schwartzman. A panel discussion later in the program will also feature noted email experts Shuji Sakuraba and Ayachika […]
Spike in Number of DMARC Reports in Mid-April
On April 15-16th multiple sources reported seeing an increase in the number of DMARC reports generated or received. Between two and three and a half times as many reports per day were observed, depending on the source. There was some hope there would be a public announcement during the RSA Conference in San Francisco last […]
Top Alexa Websites and Email Authentication, Part 1
The more popular a website is, the more likely the average consumer is to trust a fraudulent message that impersonates that website’s Internet domain. One might expect that the websites at the top of the list employ email authentication to protect against that possibility, but what about sites further down the list? This piece will […]