DMARC: 100,000 Reports Processed

Back in July we launched our DMARC monitoring tool as a labs project, built on top of Postmark’s inbound processing.

It’s been humming along and attracting some great attention. We recently released a full API as well, completely free.

Since July, the service has processed over 100,000 reports for 524 domains. For such a unique email standard we consider this a huge success. It furthers our goal of supporting and encouraging email authentication as we have from day 1 at Postmark.

Since we’ve processed 100,000 reports, I thought it would be nice to post some overall statistics.

Number of reports by ISP

By far, Google has been sending us the most reports, accounting for 34% of all of the reports we received. This is not entirely surprising considering the number of people who use Gmail and Google Apps for email.

DMARC reports segmented by ISP

DMARC alignment results

By looking at all messages processed since July, we can see what the DMARC alignment looks like across the board.

DMARC alignment by month

Let’s look at November. About 7.6% of emails are fully aligned with DMARC policies. This means that both DKIM and SPF were verified and the FROM and Return-Path domains matched.

Partially aligned results mean that either DKIM or SPF was passing according to the DMARC policy. In general, a domain owner has added at least some record to DNS for this to happen, so we still consider these trusted sources. They are just not fully aligned according to DMARC. For November, 47% of messages were partially aligned.

Untrusted messages mean that email authentication was not detected by the ISP or the methods were failing. For monitoring purposes, this is where we want people to focus for now to find legitimate sources that do not use DKIM or SPF.

At 45%, it’s difficult to say whether these messages are indeed spam or if they are legitimate messages that are not properly configured with email authentication. It’s something that each domain owner has to look at individually.

Numbers by domain

While looking at the numbers across all messages is interesting, it does not really give us a clear idea of adoption. If a few domains in the list were getting abused by spammers (untrusted messages) then it would skew the results. Instead, I wanted to look at how many domains in the list had at least one fully aligned message during the time period. This would tell us how many domains implemented DKIM and SPF with matching FROM and bounce domains.

Out of the 524 domains we process reports for, we found that 248 had at least one fully aligned message. That’s 47% of domains that have both DKIM and SPF set up and use email providers who support it. It’s pretty good, but I would love to see that increase over time.
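
The three alignment buckets and the per-domain count described above, as an added example (not Postmark's code): it reads the `policy_evaluated` results from aggregate reports in the RFC 7489 XML layout. The sample reports, their domains and all function names are constructed for illustration, and reports are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def make_report(domain, rows):
    """Build a constructed aggregate report; rows are (count, dkim, spf)."""
    records = "".join(
        f"<record><row><source_ip>192.0.2.1</source_ip><count>{c}</count>"
        f"<policy_evaluated><disposition>none</disposition>"
        f"<dkim>{d}</dkim><spf>{s}</spf></policy_evaluated></row></record>"
        for c, d, s in rows)
    return (f"<feedback><policy_published><domain>{domain}</domain>"
            f"<p>none</p></policy_published>{records}</feedback>")

# Constructed sample data, not taken from any real report.
REPORT_A = make_report("example.com", [(3, "pass", "pass"),
                                       (5, "pass", "fail"),
                                       (2, "fail", "fail")])
REPORT_B = make_report("example.org", [(4, "fail", "pass"),
                                       (6, "fail", "fail")])

def classify(dkim, spf):
    """Map the aligned DKIM/SPF results to the post's three buckets."""
    passes = (dkim == "pass") + (spf == "pass")
    return ("untrusted", "partial", "full")[passes]

def summarize(report_xml):
    """Return (domain, Counter of message counts per bucket) for one report."""
    # Reports come from outside senders and never need a DTD; refusing one
    # keeps entity-expansion payloads away from the stdlib parser.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("DTD not allowed in aggregate report")
    root = ET.fromstring(report_xml)
    domain = root.findtext("policy_published/domain")
    totals = Counter()
    for row in root.iter("row"):
        dkim = row.findtext("policy_evaluated/dkim", "fail")
        spf = row.findtext("policy_evaluated/spf", "fail")
        # <count> is the number of messages this row stands for.
        totals[classify(dkim, spf)] += int(row.findtext("count", "0"))
    return domain, totals

def domains_with_full_alignment(reports):
    """Domains with at least one fully aligned message."""
    return {d for d, t in map(summarize, reports) if t["full"] > 0}

if __name__ == "__main__":
    for report in (REPORT_A, REPORT_B):
        print(*summarize(report))
    print(domains_with_full_alignment([REPORT_A, REPORT_B]))
```

Weighting each row by its `<count>` matters: one row can stand for many messages from the same source, so counting rows instead would distort the percentages.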

One thing that should help these results improve is Postmark officially supporting DMARC through custom bounce domains. While we do send messages with both DKIM and SPF confirmed, the from domain and bounce domain must match. It does not affect inbox rates, but it does affect DMARC alignment.

What else?

It would be interesting to look at the progress of domains over time. We may run some additional reports to see if the monitoring is motivating people to adopt authentication over time.

What else would you like to see?