A Brief History of DMARC

The history of DMARC goes back as far as 2012. At the time, there were no established protocols for authenticating email—so it was pretty much up to each company to determine how best to protect their brands from being spoofed.

As email marketing became more popular with businesses, many companies started using fake email addresses to send out spam marketing pitches or phishing attempts—and this led to a lot of problems for legitimate marketers who were trying to reach their customers.

A draft specification for DMARC was introduced on January 30th, 2012, and maintained since then. In October 2013, GNU Mailman 2.1.16 was released with options to handle posters from a domain with the DMARC policy of p=reject. In April 2014, Yahoo changed its DMARC policy to p=reject.

What is DMARC’s Current State?

In 2015, The DMARC specification was officially implemented by several global organizations and published under RFC 7489. 

The good news is that DMARC adoption has been growing steadily—but we’re still not there yet. Less than half of the organizations, globally, have adopted DMARC and even fewer have reached enforcement. This scenario needs to change at the earliest to protect emails against spoofing, phishing, and other email attack vectors.