- Video
2026 State of DMARC Report: Information Technology
More than half of information technology domains enforce DMARC, but a long tail of unprotected domains still stand out.
Key Takeaways
- 53% of IT domains are at DMARC enforcement, 11 points above the global average
- Few are stuck in monitoring mode (16.06%) or p=none (5.08%)
- 25.81% have no valid DMARC record, higher than the overall average
- Growth is steady but slow, with ~4.5-point gains in 2025
- A clear split exists between mature adopters and unprotected domains
The State of DMARC in 2026: The IT Industry Is Split
Email security awareness is high. Follow-through isn’t.
Our 2026 report shows a familiar pattern across industries: Adoption is rising, but enforcement defines real protection. In information technology, that pattern splits in two.
On one side, a large group of organizations has fully implemented DMARC and moved to enforcement. These companies reflect strong technical maturity and awareness.
On the other side, a significant portion of IT organizations haven’t engaged at all. More than a quarter of domains still lack a valid DMARC record, leaving them fully exposed.
That divide creates a long tail of risk. And in this industry, that risk scales quickly: SaaS impersonation, fake support emails, and account takeover attempts.
Being in IT raises expectations. Enforcement is how you meet them.
“IT is a technically mature industry, but challenges still exist.”
Al Iverson
Industry Research and Community Engagement Lead at Valimail
“There’s a clear split between IT organizations doing this right and those not engaging at all.”
Al Iverson
Industry Research and Community Engagement Lead at Valimail
“DMARC adoption does not equal real protection.”
Al Iverson
Industry Research and Community Engagement Lead at Valimail
“In IT, you don’t get to claim leadership if your domain isn’t protected.”
Al Iverson
Industry Research and Community Engagement Lead at Valimail
Protect Your Domain, Customers, and Reputation
Start your path to DMARC enforcement with a panoramic view of the traffic being sent on your behalf.
No trial offers, credit cards, or obligations.
Explore all Valimail
has to offer
Enforce DMARC to move from compliance to protection.
Attackers aren’t waiting. Neither should you.
Frequently asked questions
Why is DMARC important for IT companies?
IT platforms are frequent targets for impersonation, support scams, and account attacks.
Is DMARC monitoring enough?
No, it provides visibility but doesn’t block phishing or spoofing attacks.
Why do unprotected domains matter so much?
What should IT organizations do next?
Close the gap by moving to enforcement, or deploy DMARC if you haven’t started.