DMARC.org Domain-based Message Authentication, Reporting & Conformance
Useful Presentations
By the Numbers
  • Nearly 2 billion email accounts worldwide are protected by DMARC.
  • Greater than 80% of typical US users are protected by DMARC.
  • Over 80,000 active domains have deployed DMARC.
  • Return Path reports a 130% increase in clients and domains publishing DMARC records.
  • More than 25 million email messages spoofing PayPal were rejected during the 2013 holiday buying season.
  • During the first 45 days of initial monitoring, Twitter saw nearly 2.5 billion messages spoofing its domains.
  • Twitter reports ~110 million messages/day were spoofing its domains prior to deploying DMARC, reduced to only 1,000/day after publishing a "reject" policy.
  • Outlook.com reports a 50% drop in reported phishing in 2013, in part due to DMARC.
  • Publishers Clearing House reports they used DMARC to block over 100,000 unauthenticated messages in a single 90 day period during 2013.

DMARC Specification


Related Specifications

The following specifications, listed alphabetically, are related to DMARC in various ways.

Authentication Failure Reporting Format (AFRF)

  • A new report sub-type extension for the Abuse Report Format (ARF) (see: RFC 5965)
  • Allows for relaying of forensic details regarding an authentication failure
  • Supports reporting of SPF and/or DKIM failures
    • For SPF, reports the client IP address and the SPF record(s) that were retrieved, producing a "fail" result
    • For DKIM, reports the canonicalized header and body that produced a failed signature, allowing forensic analysis by the signer to detect why the failure occurred
    • Also supports ADSP reporting of messages that weren't signed but should have been
  • This will be used by DMARC sites for reporting per-message failure details.
  • An aggregate reporting format is suggested within an appendix of the DMARC specification.

DomainKeys Identified Mail (DKIM)

  • DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
  • DMARC uses DKIM results as one method (SPF being the other) for receivers to check email.
  • More Information: DKIM.org

Sender Policy Framework (SPF)

  • SPF provides a method for validating the envelope sender domain identity that is associated with a message through path-based authentication.
  • DMARC uses SPF results as one method (DKIM being the other) for receivers to check email.
  • More Information: OpenSPF.org