Skip to main content
Brief history of email authentication

Brief history of email authentication

Email Security Insights

As the largest deployed application on the internet, email is huge! And it takes a long time to change the fundamentals:


  • First SPF draft




  • BITS Email Security Working Group publishes paper recommending TLS + SPF + DKIM for email
  • DKIM RFC published
  • PayPal + Yahoo blocking based on DomainKeys+SPF goes live


  • PayPal publishes “A Practical Approach To Managing Phishing”


  • BITS publishes deployment guide for email authentication
  • First companies launch to build business on top of authenticated email model
  • Private-channel model prototyped by webmail providers


  • proto-DMARC.ORG effort begins, organized by PayPal to create Internet-scale success as published in 2008
  • Anti-Phishing solutions built on top of proto-DMARC start shipping



  • First DMARC draft released
  • launches to support DMARC
  • DMARC adoption reaches ~60% of global consumer inboxes


  • BITS publishes “BITS Email Authentication Policy and Deployment Strategy for Financial Services Firms,” recommends DMARC.
  • DMARC.ORG specification work moves to the IETF


  • DMARC Working Group chartered within IETF


  • becomes initiative under the Trusted Domain Project, a non-profit and tax-exempt public benefit corporation in State of California.

We’re Here to Help

With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.

You can get in touch with us or register for a free trial where our onboarding and support team will help you along the way.

Want to continue the conversation? Head over to the dmarcian Forum.