In a significant push for email security, the adoption of DMARC, or Domain-based Message Authentication, Reporting, and Conformance, has surged, with nearly 6.8 million domains now utilizing email sender authentication. Despite this increase, many businesses remain hesitant to switch from the minimum ‘p=none’ policy to stricter enforcement levels, with only 14% of DMARC-enabled domains currently enforcing policies. According to Valimail, while the rate of new DMARC record additions has doubled to 110,000 per month as of Q3 2024, it could take nearly 15 years for the top 25 million domains to adopt DMARC fully. Concerns over losing legitimate emails hinder further adoption, particularly in industries such as non-profits, where less than 8% currently use DMARC. Experts warn that without stricter enforcement, the effectiveness of email authentication remains compromised.
Why do we care?
I don’t understand why Microsoft or Google hasn’t sold an option for doing email validation on their platforms. I’d pay for an option that ensures I know the sender is who they say they are, baked into the platform.
I had one vendor in this space tell me every MSP would have to do this work this year. It looks like they were wrong. I’m not convinced customers will pay for this as a forced security measure—they might, however, pay for a version that validates emails. I’m certainly in favor of these solutions; I simply want them to be effective.
