今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

What 10,000 domains actually publish for email authentication in 2026

Vadim Ivanov 2026年06月27日 17:51 2 次阅读 来源:Dev.to

Email authentication has been "solved" on paper for years. SPF, DKIM, and DMARC are old standards, every deliverability guide repeats them, and Google and Yahoo made DMARC effectively mandatory for bulk senders in 2024. So I expected the top of the web to be in good shape. In June 2026 I ran SPF, DKIM, DMARC, and MTA-STS checks across the Tranco top 10,000 domains, using public resolvers (1.1.1.1 and 8.8.8.8) and the same checks my own tool runs. The records are public DNS, so anyone can reproduce this. The picture is worse than the "solved problem" framing suggests, and the interesting part is not adoption, it is where people stop. A third of the top 10k still have no DMARC 3,318 of the 9,937 domains that resolved (33.4%) publish no DMARC record at all. These are not obscure sites, they are the most-visited domains on the web. Without DMARC a receiver has no published instruction for what to do when SPF and DKIM fail, and you get none of the aggregate reporting that tells you who is sending as you. It does get better at the very top. Among the top 1,000 domains, 28.4% have no DMARC, versus 34% across the rest of the 10k. Better, not good. The real problem is p=none, not missing records This is the number that actually matters. Of the 6,619 domains that do publish DMARC, only 46.5% are at p=reject . About a quarter (26%) are still sitting at p=none . p=none is monitor-only. It asks receivers to report what they see and to enforce nothing. It is the correct first step: publish p=none , collect aggregate reports, fix the sources that should be passing, then tighten the policy. The trouble is that p=none is also where most deployments quietly stop. The reports start arriving, nobody reads them, and the domain sits unprotected behind a policy that does nothing while looking like progress. Moving from p=none to p=reject is the step that turns DMARC from a dashboard into a defense, and it is the step most people never finish. I wrote up the safe way to make that move , si

本文内容来源于互联网,版权归原作者所有
查看原文