By the team at MailTester Ninja — a real-time email verification API that stores nothing.
We verify a lot of email for a living. So we pointed our infrastructure at a representative panel of 50,000 of the world's most-linked domains and measured how email is actually configured in 2026 — MX providers, SPF and DMARC. Pure DNS, aggregate only, no personal data.
Here's what the internet's mail setup looks like right now.
Email is still (almost) everywhere
79.9% of these domains are mail-enabled (they publish MX records). Email isn't going anywhere.
Authentication: adopted, but not enforced
- 75.8% publish an SPF record
- 64% publish a DMARC record
- …but only 22.6% actually enforce it with
p=reject
That last number is the real story. Of the domains that bother to publish DMARC, only 35.2% are on p=reject — the rest sit on p=none (37.2%, monitoring only) or quarantine (27.6%). Most of the web announces a policy it doesn't enforce. That's a deliverability and spoofing gap hiding in plain sight.
Who runs the world's inboxes?
- Other / self-hosted — 32.6%
- Google Workspace / Gmail — 28.2%
- Microsoft 365 / Outlook — 22.5%
- Proofpoint — 5.5%
- Mimecast — 3.1%
- Tencent QQ — 2%
- Namecheap — 1.3%
- Cisco IronPort — 0.9%
Self-hosted and the two hyperscalers (Google Workspace and Microsoft 365) dominate, but the long tail of providers is very real — which is exactly why deliverability is hard: every provider blocks, greylists and reputation-scores differently.
Why we publish this
We built an open, daily-updated dataset and a live dashboard because deliverability decisions should be based on data, not folklore. It's CC BY 4.0 — use it, cite it, build on it.
Want to check a specific domain? Our free analyzer shows any domain's MX / SPF / DMARC in one click — no signup, nothing stored.
Methodology: Live DNS scan (MX/SPF/DMARC). Aggregate only — no email sent, no personal data. Sample updated Wed, 01 Jul 2026 12:31:00 GMT.
Top comments (0)