Email is huge (largest deployed application on the Internet?) and it takes a long time to change the fundamentals.
2003:
2004:
- First DomainKeys draft (predecessor to DKIM)
2006:
- First DKIM draft
- PayPal begins work with Yahoo on authentication-based model
2007:
- BITS Email Security Working Group publishes paper recommending TLS + SPF + DKIM for email
- DKIM RFC published
- PayPal + Yahoo blocking based on DomainKeys+SPF goes live
2008:
- PayPal publishes “A Practical Approach To Managing Phishing”
2009:
- BITS publishes deployment guide for email authentication
- First companies launch to build business on top of authenticated email model
- Private-channel model prototyped by webmail providers
2010:
- proto-DMARC.ORG effort begins, organized by PayPal to create Internet-scale success as published in 2008
- Anti-Phishing solutions built on top of proto-DMARC start shipping
2011:
- DMARC.org organizes, begins work.
2012:
- First DMARC draft released
- dmarcian.com launches to support DMARC
- DMARC adoption reaches ~60% of global consumer inboxes
2013:
- BITS publishes “BITS Email Authentication Policy and Deployment Strategy for Financial Services Firms”, recommends DMARC
- DMARC.ORG specification work moves to the IETF
2014:
- DMARC Working Group chartered within IETF
2015:
- DMARC.org becomes initiative under the Trusted Domain Project, a non-profit and tax-exempt public benefit corporation in State of California.