United States DMARC & MTA-STS Adoption Report 2026
PowerDMARC’s 2026 Report on email authentication in the U.S. aimed to study the country’s DMARC adoption, its configuration, and its focus on advanced transit security protocols like MTA-STS and DNSSEC. Our statistics sprawl over the nation as a whole and its major industries to reveal key security issues that remain unseen.
The unsurprising part is the robust DMARC adoption, reflecting serious consideration toward email authentication protocols. The surprise was the lack of transit protection, where spoofing and downgrade risk persist the most.
Despite heightened federal guidance, such as CISA’s “Shields Up” posture and broader national cybersecurity initiatives, the U.S. remains a primary playground for AI-driven spoofing and Business Email Compromise (BEC) scams that cost the economy over $2.9 billion last year.
This PowerDMARC analysis reveals a nation that has addressed identity authentication (SPF/DMARC) but left transport layer security (MTA-STS) and zone integrity (DNSSEC) dangerously exposed. Let’s take a quick look at what the report reveals.
