DMARCbis Adoption Data (DMARC2)
Track the adoption of DMARCbis across major email providers
Monitor the transition to DMARCbis, the next generation of DMARC reporting, showing how email providers are adopting the new standard.
Weekly Adoption Trend
Last updated: April 28, 2025 at 14:49 UTC
Data period: Monday, April 22, 2024 to Monday, April 28, 2025
0.2%
DMARCbis Adoption Rate
3
DMARCbis Reporters
1,590
Total DMARC Reporters
Adoption by top DMARC Reporters
| DMARC Reporter | DMARCbis Rate | First DMARCbis Report | Last DMARCbis Report |
|---|---|---|---|
| GMX | 100.0% | Jul 27, 2024 10:39 UTC | Apr 28, 2025 06:04 UTC |
| mail.com | 100.0% | Jul 27, 2024 10:39 UTC | Apr 28, 2025 06:04 UTC |
| WEB.DE | 100.0% | Jul 27, 2024 10:38 UTC | Apr 28, 2025 06:04 UTC |
| google.com | 0.0% | ||
| Yahoo | 0.0% | ||
| Enterprise Outlook | 0.0% | ||
| Outlook.com | 0.0% | ||
| Mimecast | 0.0% | ||
| AMAZON-SES | 0.0% | ||
| zoho.com | 0.0% | ||
| GoDaddy.com | 0.0% | ||
| Fastmail Pty Ltd | 0.0% | ||
| seznam.cz a.s. | 0.0% | ||
| Area 1 Security | 0.0% | ||
| Cisco Secure Email | 0.0% | ||
| infomaniak com | 0.0% | ||
| wp.pl | 0.0% | ||
| emailsrvr.com | 0.0% | ||
| o2.pl | 0.0% | ||
| comcast.net | 0.0% |
DMARCbis in Practice: Understanding t, psd, and np
DMARCbis introduces new tags to help domain owners and email service providers refine how authentication policies are tested and enforced. Below is an explanation of how each of these affects email authentication, along with real-world usage scenarios.
t=y
Testing Mode
Setting
t=y
indicates that a domain is in "testing mode." This new tag replaces the
pct=
tag from the original DMARC specification, providing a clearer way to signal testing intent. When
t=y
is set, Mail Receivers are encouraged to treat the policy as less strict. Specifically:
-
A policy of
p=rejectwitht=y(formerpct=0) may be treated asp=quarantine -
A policy of
p=quarantinewitht=y(formerpct=0) may be treated asp=none
This approach allows domain owners to monitor the impact of stricter policies without immediately enforcing them, thereby reducing the risk of legitimate email being rejected during the testing phase.
Example:
v=DMARC1; p=reject; rua=mailto:[your-domain.com]@rua.dmarcdkim.io; t=y
psd=y
Public Suffix Domain Policy
The
psd=y
tag allows a Public Suffix Domain (PSD) like
gov.uk
or
bank
to publish a DMARC policy that applies to all domains beneath it, even if those subdomains haven't explicitly set DMARC records.
This is particularly helpful in environments where:
- Security policy needs to be enforced at a registry or sector level.
- Many subdomains are registered or operated independently (e.g., by municipalities or banks).
- Centralized governance of domain security is required.
Example (published at the PSD level):
_dmarc.bank. IN TXT "v=DMARC1; p=quarantine; psd=y"
np=reject
Subdomain Policy for Non-Existent Domains
The
np=
tag specifies a DMARC policy for subdomains that do not exist (NXDOMAIN), but may still be spoofed.
This closes a loophole where attackers could forge emails from
random.nonexistent.company.com
to bypass the main DMARC policy of
company.com
Example:
v=DMARC1; p=reject; np=reject; rua=mailto:[your-domain.com]@rua.dmarcdkim.io
With this configuration:
-
Legitimate mail from
company.commust pass DMARC checks. -
Any forged email from a non-existent subdomain like
secure-login.company.comwill be rejected.
Together, these new tags give domain owners more control over authentication behavior and improve protection across edge cases. Use
t=y
during rollout,
psd=y
for registry-level policy, and
np=
to block spoofing from unregistered subdomains.
Check domain and follow the instructions to nail down your DMARC configuration.
No expert knowledge needed!