Australian Federal Government DMARC Compliance and Conformance Data
This dataset is a summary of 611 Australian Government domains and their DMARC compliance and conformance. The data is a subset of the Trusted Sender Score dataset. You can click through to domain email trust profiles.
What is the difference between DMARC Compliance and DMARC Conformance?
The difference between DMARC compliance and DMARC conformance is the outcome of the interpretation of the DMARC DNS record published by a domain owner and the subsequent effect it has on preventing spoof email when authenticated. A domain that has been configured using the DMARC protocol for the prevention of being used in a spoof email is referred to as DMARC compliance. DMARC conformance refers to an email domain that has been configured using any DMARC variation however the configuration and subsequent emails being authenticated do not always protect the a domain from unauthorised use however they are accepted for mail delivery, therefore conforming to less strict policies.
In 2017 David Barnes, Zulu Labs CEO, concluded research into which DMARC parameters prevent a domain from being spoofed.
He concluded that if the DNS entry was to contain p=reject and sp=none then the DMARC record would fail compliance but will (depending on the email headers) conform to the DMARC protocol. If a record was set to p=reject and pct=25% it would also fail compliance but could (depending on the email headers) conform to the DMARC protocol. This fails a compliant state as only 25% of all email is being instructed to be checked by the receiving email servers. The policy must be either pct=100 or left unset.
To be DMARC compliant the DMARC record must be set to p=reject or p=quarantine for all email with no variations for subdomains.
David Barnes released the first DMARC compliant algorithm on Github in 2018.
Subsequently David discovered that DMARC compliant emails can still be spoofed if certain conditions were met. The original example is published on SourceForge which can be read here. The safest domain configuration and mail authentication policy is to ensure that double check DMARC conformance is implemented.
What percentage of Australian Government domains have a DMARC record?
The percentage (%) of Australian Government domains with a DMARC record is:
What percentage of Australian Government domains are DMARC compliant?
The percentage (%) of DMARC compliant Australian Government domains is: