A new study from Valimail on DMARC usage and success found that domain spoofing declines to nearly zero “within a few months after that domain moves to DMARC enforcement.”
Nearly 80% of inboxes worldwide and almost all email providers use machine learning to analyse DMARC policies of incoming email, generally enforcing whatever policy was laid out by the owner of the domain.
A few key findings from the study –
a) nearly 1 million domains globally now have DMARC records;
b) 70% growth in DMARC records in the past year and 180% growth over two years;
c) only 13% of all DMARC records are configured with enforcement policies;
d) 23% of billion-dollar companies’ domains are using enforcement;
e) the U.S. remains the largest source of spoofed email by volume; and
f) domains without DMARC enforcement are spoofed at 93 times the rate of domains with it.
Another source states the number of valid DMARC policies observed in the DNS increased by roughly 300% over the course of 2019. The stats show that at the end of 2018 there were about 630,000 valid DMARC policies published. That number had exponentially increased by the end of 2019 to 1.89 million valid DMARC records confirmed via DNS.
Why should you care? Thousands of domain owners haven’t configured enforcement policies which dictate how recipient inboxes handle their incoming email. If your DMARC policies are not being enforced, inboxes could be rejecting or quarantining your emails.
Learn more about domain spoofing declines by downloading the full report here.