The State of DMARC Email Authentication and Security Standard: Promises and Challenges Ahead

The state of DMARC email authentication and security standard started the year with high expectations in 2024. Google and Yahoo set a deadline of February for bulk email senders to implement the Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy. As a result, the number of email domains with a valid DMARC record saw a 60% increase in just two months, totaling nearly 6.8 million domains with email sender authentication configured by September.

Despite this initial surge, businesses have been slow to fully embrace email authentication on their domains. Many have yet to transition from DMARC’s basic policy of ‘p=none’ to more strict policies that enforce quarantining or rejecting non-authenticated emails. In fact, the share of DMARC-enabled domains with an enforced policy has decreased from 18% to less than 14% over the past year.

Concerns about potentially missing legitimate messages have deterred some companies from implementing stricter enforcement measures. The fear of losing out on crucial leads and customer communications has led to a conservative approach towards DMARC adoption.

With major email services likely to push for further DMARC compliance, organizations are advised to plan for transitioning their policies to higher levels of enforcement. Valimail’s Seth Blank emphasizes the importance of monitoring DMARC reports at every enforcement level to improve email security and prevent abuse. As the industry moves towards greater email authentication, companies will need to adapt to ensure the integrity of their email communications.