The number of email domains using Domain-based Message Authentication, Reporting, and Conformance (DMARC) is expected to skyrocket by 2020. According to a recent analysis, this number is expected to increase by 43% over the prior year, hitting 2.7 million in 2021.

The problem is that, even after implementing DMARC, effective domain security remains a work in progress, because the vast majority of these domains have no policy for handling unauthenticated emails.


DMARC is an email authentication protocol that helps protect an email domain against threat actors who spoof it and send emails on your behalf. This protection is essential, because cyber criminals may spoof your email domains and use them to carry out malicious activities. That can be hugely harmful to your company's reputation, and it may also damage your client relationships, business reach, and credibility.

DMARC works on top of two email authentication protocols: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). Used together, they serve three basic purposes:

  1. Ensuring that the sender’s emails are secured by both key authentication standards, SPF and DKIM.
  2. Instructing receiving mail servers what to do when neither of the authentication methods passes.
  3. Giving the receiving server a way to report back to the sender about messages that pass or fail the DMARC assessment.

These are the reasons why DMARC should be implemented to secure your email domain. It can also keep your emails from ending up in the recipient's junk folder. A lack of email domain security can stifle the organization's business reach, whereas your company's revenue can rise sharply if you increase your email engagement and deliverability rates.


As previously stated, the number of domains that have adopted DMARC has increased significantly in 2021. However, many of these domains still do not have a policy in place to reject or quarantine emails that are not verified.

A domain can set one of three policies for email that fails DMARC authentication:

  • None – With this policy, the email receiver takes no action on the emails. The email goes into the inbox of the receiver.
  • Quarantine – With this policy, emails that fail DMARC checks are sent to the receiver's spam folder.
  • Reject – With this policy, emails that fail DMARC checks are rejected outright by the receiver.

Organizations are now recognizing the importance of DMARC. However, there is still work to be done to ensure that a policy is in place for emails that fail DMARC authentication.
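To make the gap between "has a DMARC record" and "has an enforcing policy" concrete, the following Python code is an added example, not part of the original article. It classifies already-fetched `_dmarc.<domain>` TXT records by enforcement posture; the sample domains and records are constructed, and the posture labels are this example's own naming.

```python
import re

VALID_POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def posture(txt):
    """Classify one record from an auditor's point of view (labels are this example's own)."""
    if not txt:
        return "missing"
    tags = parse_dmarc(txt)
    if tags is None or tags.get("p", "").lower() not in VALID_POLICIES:
        return "invalid"
    if tags["p"].lower() == "none":
        # Failing mail is still delivered; without rua the owner gets no reports either.
        return "monitor-only" if "rua" in tags else "none-unmonitored"
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdecimal() or int(pct) > 100:
        return "invalid"
    # pct below 100 applies the policy to only a share of failing mail; sp=none exempts subdomains.
    if int(pct) < 100 or tags.get("sp", "").lower() == "none":
        return "partial"
    return "enforced"

# Constructed sample data: domain -> TXT record at _dmarc.<domain> (None = no record published).
SAMPLE = {
    "a.example": "v=DMARC1; p=none; rua=mailto:dmarc@a.example",
    "b.example": "v=DMARC1; p=none",
    "c.example": "v=DMARC1; p=quarantine; pct=25",
    "d.example": "v=DMARC1; p=reject; sp=none",
    "e.example": "v=DMARC1; p=reject; rua=mailto:dmarc@e.example",
    "f.example": None,
    "g.example": "v=spf1 -all",
}

def audit(records):
    """Map each domain to its posture label."""
    return {domain: posture(txt) for domain, txt in records.items()}
```

Only `e.example` comes out as `enforced`; the others either publish no usable record or leave some or all failing mail deliverable.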

According to a USENIX study published in 2018, 60% of domains with a mail server had an SPF record, but only 6% had a DMARC policy for emails that failed to authenticate.