Just 0.3% of domains implemented an MTA-STS TXT record. 571 (19.5%) of these domains have implementation errors (see complete list below). Among the valid MTA-STS implementations, 54.3% publish an 'enforce' policy, while 45% have opted for a 'testing' policy. In summary, 1278 domains leverage MTA-STS to fortify their defenses against Man-in-the-Middle (MitM) downgrade attacks.
"If email is subject to the DMARC policy of "reject", the Mail Receiver SHOULD reject the message (see Section 10.3). If the email is not subject to the "reject" policy (due to the "pct" tag), the Mail Receiver SHOULD treat the email as though the "quarantine" policy applies. This behavior allows Domain Owners to experiment with progressively stronger policies without relaxing existing policy."
https://URIports.com/dmarc offers services starting at just $1 monthly for up to 3 domains. It's GDPR compliant and includes features like notifications, hosted MTA-STS for protection against Man-in-the-Middle (MiTM) downgrade attacks, and much more.
For those interested in testing their email for SPF, DKIM, and DMARC compliance or eager to learn about these mechanisms that enhance email security and prevent spoofing, check out https://learnDMARC.com. This is a site I developed to promote adoption and share knowledge. It includes a challenging quiz, tough even for professionals. I'd be keen to know your scores on the first attempt – honesty counts!
As DMARC relies on the RFC5322.From address, omitting it will lead to errors. To avoid these errors, emails lacking this address are currently being ignored.