By the team at MailTester Ninja — a real-time email verification API that stores nothing.
Across 50,000 of the world's most-linked domains, 64.6% publish a DMARC record. Sounds healthy — until you read the policy.
Only 22.7% of all domains are on p=reject. Of the domains that publish DMARC at all, the split is:
-
p=none— 37.2% -
p=reject— 35.2% -
p=quarantine— 27.6%
p=none is monitoring only: it asks receivers to do nothing. A domain on p=none announces a policy it doesn't enforce — spoofable in practice, even though the record exists. The takeaway for anyone sending or securing email: publishing DMARC is not the same as being protected by DMARC. The path is p=none → p=quarantine → p=reject, and most of the web stops at step one.
Check any domain yourself — our free deliverability analyzer shows a domain's MX / SPF / DMARC in one click (no signup, nothing stored). Need to confirm whether a specific mailbox actually exists and is deliverable? That is exactly what MailTester Ninja does in real time — and we store no data.
Source: MailTester Ninja's open Email Infrastructure Index — a live DNS scan of 50,000 of the world's most-linked domains, updated daily, aggregate only. Free to cite under CC BY 4.0. Snapshot: Thu, 02 Jul 2026 04:17:15 GMT.
Top comments (0)