Email Security Blog

DMARC by the Numbers

Agari February 20, 2014 DMARC
Fallback Featured Image

DMARC, which stands for Domain-based Message Authentication, Reporting, & Conformance, is a specification that defines how email can be authenticated by receivers and how they can report the authentication results back to the sender. The specification was published in 2012, and it is now celebrating its second year of having a positive effect in protecting consumer inboxes from spoofed email.

To illustrate this trend, Agari is taking a look back to the beginning of DMARC and the significant contributions it’s made in the past two years alone.

  • 2012: the year the DMARC specification was published
  • PayPal stated that customer reports of suspicious email dropped in the U.S. by more than 70% during 2013
  • Microsoft announced that reports of phishing by users of dropped by more than 50% in 2013
  • 25 million: number of prevented attacks on PayPal and ebay customers during the 2013 holiday buying season that were stopped by implementing DMARC
  • 2 billion: number of email sender accounts protected worldwide
  • 90%: percent of emails received by Gmail users that are now authenticated by DKIM or SPF, the underlying authentication mechanisms used by DMARC.
  • 80,000+: number of domains that have already published policies via DMARC, allowing them to reject unauthenticated messages
  • 5000%: percent Google’s amount of spoofing email claiming to be from a major corporation during their busiest season dropped after implementing a DMARC reject policy
  • 85%: percent of the people who receive email from Facebook who are protected by DMARC
  • In the process of deploying DMARC, Twitter first took advantage of its reporting features to identify the scope of abuse against their domains. During the first 45 days of initial monitoring, Twitter saw nearly 2.5 billion messages spoofing its domains. The spoofed messages exceeded 110 million per day at their peak. Once Twitter moved to a DMARC “reject” policy, the number of spoofed messages dropped to only a few thousand within days.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

April 17, 2019 Fareed Bukhari

The Time is Now: Underscoring the Importance of DMARC for State and Local Governments

Scammers know that impersonating a trusted government agency is an extremely effective way to trick…

Agari Blog Image

February 26, 2019 Armen Najarian

Retail Trails Other Sectors in Adopting DMARC for Phishing Prevention

Recent research by the Agari Cyber Intelligence Division finds that the retail industry is dead…

Person Looking at DMARC Protected Email

February 19, 2019 Fareed Bukhari

DMARC Adoption Up, But 85% of Fortune 500 Remains Vulnerable to Brand Hijacking

Adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) has seen modest growth in recent…

Agari Blog Image

October 16, 2018 Fareed Bukhari

One Year Later: Federal Mandate for Email Authentication Huge Success

Responding to BOD 18-01, agencies rally to complete the fastest sector-wide adoption of DMARC One…

Agari Blog Image

October 16, 2018 Patrick Peterson

DMARC: A 12-Month Triumph for DHS—and the Nation

Today is the deadline set by the Department of Homeland Security for all executive branch…

mobile image