The measured data reveals the following key findings: the SPF record is present with a pass value of 78%, DKIM signing is active with a pass value of 54%, and the DMARC record is present with a pass value of 31%. Among DMARC adopters, 78% have a DMARC policy of p=none (monitor only), while 14% have a DMARC policy of p=quarantine. Full tables are provided below on this page.
Below: key findings, platform breakdown, implications, methodology, FAQ.
Free online tool — SPF/DKIM/DMARC checker: instant results, no signup.
| Metric | Pass/Value | Median | p75 |
|---|---|---|---|
| SPF record present | 78% | — | — |
| DKIM signing active | 54% | — | — |
| DMARC record present | 31% | — | — |
| DMARC p=none (monitor only) | 78% of DMARC adopters | — | — |
| DMARC p=quarantine | 14% | — | — |
| DMARC p=reject (full enforce) | 8% | — | — |
| Full triad (SPF+DKIM+DMARC) | 28% | — | — |
| Passed Gmail/Yahoo 2024 requirements | 24% | — | — |
| Platform | Share | Detail | — |
|---|---|---|---|
| Yandex Mail 360 (for domains) | 18% | SPF+DKIM: auto, DMARC: manual | — |
| Mail.ru (business) | 12% | SPF+DKIM: auto | — |
| Google Workspace | 8% | SPF+DKIM: auto, DMARC: manual | — |
| Bitrix24 email | 6% | SPF: 34% / DKIM: 12% | — |
| Mailgun/Sendgrid | 7% | Full triad: 89% | — |
| Custom SMTP | 28% | Full triad: 18% | — |
List of 10k active RU domains (Mail.ru MX + Yandex.Mail MX + custom SMTP detection). DNS queries: SPF (TXT), DKIM (TXT with selector probing: default/google/mail/mandrill/s1/s2), DMARC (_dmarc.domain TXT). March 2026.
In Q1 2026, email authentication standards—SPF, DKIM, and DMARC—remain critical for ensuring email deliverability and preventing phishing attacks. As of January 2026, 78% of domains implement SPF, 54% use DKIM, and 31% have adopted DMARC policies. Proper configuration includes using a valid SPF record, signing emails with DKIM, and setting DMARC to 'reject' to enhance security. For example, a typical SPF record might look like: v=spf1 include:_spf.google.com ~all.
Email authentication is a fundamental aspect of email security, ensuring that messages are sent from legitimate sources. In Q1 2026, the landscape of SPF, DKIM, and DMARC adoption shows significant growth, reflecting an increasing awareness of the importance of email security.
SPF allows domain owners to specify which IP addresses are authorized to send emails on their behalf. Currently, 78% of domains have implemented SPF records. This reflects a growing trend towards improved email security practices.
The syntax of an SPF record follows this structure:
v=spf1 ip4:192.0.2.0/24 include:_spf.example.com -allIn this example, the domain authorizes the IP range 192.0.2.0/24 and includes another domain’s SPF record.
DKIM adds a digital signature to emails, enabling recipients to verify that the email was indeed sent by the claimed domain and that it has not been altered in transit. In Q1 2026, 78% of domains are using DKIM. This increase can be attributed to widespread awareness of phishing tactics and the necessity for data integrity.
A DKIM record typically looks like this:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB...Here, 'p=' contains the public key that receiving servers use to verify the signature.
DMARC builds on SPF and DKIM by adding a policy framework that tells receiving mail servers what to do if SPF or DKIM checks fail. Currently, a significant portion of domains have implemented DMARC, with a notable trend towards using the 'reject' policy to enhance email security.
A typical DMARC record is configured as follows:
v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-forensics@example.comThis record instructs mail servers to reject emails that fail authentication checks and to send aggregate and forensic reports to the specified email addresses.
To implement SPF, DKIM, and DMARC effectively, follow these steps:
dig to verify:dig TXT example.comopendkim-genkey -s default -d example.comdig TXT _dmarc.example.comMonitoring these records is essential. Utilize tools like MXToolbox or dmarcian to analyze SPF, DKIM, and DMARC configurations, ensuring they are functioning as intended.
In summary, the adoption of SPF, DKIM, and DMARC is critical for the security and deliverability of emails. With 78% of organizations having an SPF record present, 54% actively signing with DKIM, and 31% implementing a DMARC record, it is essential for organizations to prioritize these protocols to protect against phishing attacks and ensure their communications are trusted. Regularly auditing and updating these records is essential to maintaining email integrity and security.
DKIM (DomainKeys Identified Mail) is a mechanism to digitally sign email with a key stored in DNS. This allows recipients to verify that the email was genuinely sent from the specified domain.
Specify domain and DKIM selector — get the public key and its parameters.
RSA/Ed25519 key length, hash algorithm, flags, and validity period.
If key < 2048 bits — we issue a warning and key rotation instructions.
Direct DNS query in seconds — no waiting for TTL.
pre-send verification
mail server setup
phishing protection audit
email deliverability debug
DKIM check history and DNS monitoring for domain record changes.
Sign up freeSince Feb 2024: senders of 5000+ emails/day to Gmail/Yahoo must have SPF + DKIM + DMARC (minimum p=none), one-click unsubscribe header, spam rate < 0.3%. Otherwise — throttling or reject.
For Gmail 2024 — yes. But attackers can still spoof your domain (p=none is monitor-only). Goal: progress to p=quarantine → p=reject.
<a href="/en/dkim">Enterno DKIM/DMARC checker</a> scans SPF+DKIM+DMARC with one URL. Or mail-tester.com for a full email score.
For <10k emails/mo — self-SMTP works (with proper triad setup over 2-4 weeks). For scale or reliability — provider saves time and pain.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.