Email Auth Q1 2026: Full Report
Enterno.io scanned email-auth setup across 10 000 active Russian domains (March 2026) sending transactional/marketing email. SPF — 78% of domains, DKIM — 54%, DMARC — 31% (of those, 78% p=none, not enforced). Gmail/Yahoo in Feb 2024 introduced mandatory enforcement for 5000+ emails/day — any bulk sender without the full triad loses delivery. For RU-only traffic — Yandex.Mail became stricter in 2025.
Below: key findings, platform breakdown, implications, methodology, FAQ.
Key Findings
| Metric | Pass/Value | Median | p75 |
|---|---|---|---|
| SPF record present | 78% | — | — |
| DKIM signing active | 54% | — | — |
| DMARC record present | 31% | — | — |
| DMARC p=none (monitor only) | 78% of DMARC adopters | — | — |
| DMARC p=quarantine | 14% | — | — |
| DMARC p=reject (full enforce) | 8% | — | — |
| Full triad (SPF+DKIM+DMARC) | 28% | — | — |
| Passed Gmail/Yahoo 2024 requirements | 24% | — | — |
Breakdown by Platform
| Platform | Share | Detail | — |
|---|---|---|---|
| Yandex Mail 360 (for domains) | 18% | SPF+DKIM: auto, DMARC: manual | — |
| Mail.ru (business) | 12% | SPF+DKIM: auto | — |
| Google Workspace | 8% | SPF+DKIM: auto, DMARC: manual | — |
| Bitrix24 email | 6% | SPF: 34% / DKIM: 12% | — |
| Mailgun/Sendgrid | 7% | Full triad: 89% | — |
| Custom SMTP | 28% | Full triad: 18% | — |
Why It Matters
- Since Feb 2024 — without at least DMARC p=none, Gmail/Yahoo reject bulk senders (>5000 emails/day)
- Yandex.Mail since 2025 requires SPF+DKIM mandatory, DMARC recommended. Without — spam folder or reject
- 78% DMARC adopters on p=none — that's not enforcement, attacker can still spoof
- Custom SMTP without professional email provider — 82% fail GSuite/Yandex requirements
- Quick win: set up through Mailgun/Sendgrid auto-configures the full triad in 30 min (vs 2-4 weeks manual)
Methodology
List of 10k active RU domains (Mail.ru MX + Yandex.Mail MX + custom SMTP detection). DNS queries: SPF (TXT), DKIM (TXT with selector probing: default/google/mail/mandrill/s1/s2), DMARC (_dmarc.domain TXT). March 2026.
Why teams trust us
How it works
Enter domain and selector
Fetch DKIM TXT record
Validate public key
What is DKIM?
DKIM (DomainKeys Identified Mail) is a mechanism to digitally sign email with a key stored in DNS. This allows recipients to verify that the email was genuinely sent from the specified domain.
Selector-based Check
Specify domain and DKIM selector — get the public key and its parameters.
Key Analysis
RSA/Ed25519 key length, hash algorithm, flags, and validity period.
Recommendations
If key < 2048 bits — we issue a warning and key rotation instructions.
Instant Result
Direct DNS query in seconds — no waiting for TTL.
Who uses this
Email marketers
pre-send verification
Sysadmins
mail server setup
Security
phishing protection audit
Developers
email deliverability debug
Common Mistakes
Best Practices
Get more with a free account
DKIM check history and DNS monitoring for domain record changes.
Sign up freeLearn more
Frequently Asked Questions
What are Gmail/Yahoo 2024 requirements?
Since Feb 2024: senders of 5000+ emails/day to Gmail/Yahoo must have SPF + DKIM + DMARC (minimum p=none), one-click unsubscribe header, spam rate < 0.3%. Otherwise — throttling or reject.
Is DMARC p=none enough?
For Gmail 2024 — yes. But attackers can still spoof your domain (p=none is monitor-only). Goal: progress to p=quarantine → p=reject.
How to check my setup?
<a href="/en/dkim">Enterno DKIM/DMARC checker</a> scans SPF+DKIM+DMARC with one URL. Or mail-tester.com for a full email score.
Mailgun/Sendgrid vs self-SMTP?
For <10k emails/mo — self-SMTP works (with proper triad setup over 2-4 weeks). For scale or reliability — provider saves time and pain.