Re: [dmarc-ietf] draft-crocker-dmarc-author-00 ?

Neil Anuskiewicz <neil@marmot-tech.com> Tue, 18 August 2020 17:33 UTC

From: Neil Anuskiewicz <neil@marmot-tech.com>
Date: Tue, 18 Aug 2020 10:32:23 -0700
Message-ID: <CAOPP4WGa4MymU1FpHpkyCJiTc_y_wSEq-15XFNWvdNuz+F9Nmg@mail.gmail.com>
To: "Luis E. Muñoz" <dmarc-ietf.org=40lem.click@dmarc.ietf.org>
Cc: Dotzero <dotzero@gmail.com>, IETF DMARC WG <dmarc@ietf.org>, Kurt Andersen <kboth@drkurt.com>, Doug Foster <fosterd@bayviewphysicians.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/1o-DQLMDq_dwBypivApLHDdvTpI>
Subject: Re: [dmarc-ietf] draft-crocker-dmarc-author-00 ?

On Mon, Aug 17, 2020 at 1:00 PM Luis E. Muñoz <dmarc-ietf.org=40lem.click@dmarc.ietf.org> wrote:

> On 14 Aug 2020, at 12:47, Neil Anuskiewicz wrote:
> > Under 50% of companies have any DMARC record. Of those who deploy DMARC,
> > about ~2% have p=quarantine and ~5% p=reject, though some industries such
> > as finance it looks like it's closer to 15% p=reject. I'm sure these
> > numbers aren't perfect but what you have likely isn't radically different.
>
> My numbers are inverted regarding quarantine vs reject, as I posted on
> this list:
>
> On 30 Jul 2020, at 18:01, Luis E. Muñoz wrote:
> >
> > I am currently observing ~215.5 million domain names. Out of those,
> > ~64 million have a seemingly _valid_ SPF record and ~113 million with
> > at least one MX record.
> >
> > This is a current breakdown of the (valid) DMARC records I am
> > observing over the general domain population above. This amounts to an
> > adoption rate of ~1.7%.
> >
> > |    p       |  count  |
> > | :--------- | ------: |
> > | none       | 2715614 |
> > | quarantine |  238584 |
> > | reject     |  726045 |
>
> Numbers have moved a bit since then, but not much. I'm seeing 3:1 reject
> to quarantine ratio across the board.
>
> > Why is adoption low? Is that a big problem? Why so few aggressive
> > policies?
> > Is that a big problem?
>
> DMARC can be quite useful even with p=none. This use case provides
> insight on what's going on and sometimes, that's all that is wanted.
> Moving to more aggressive policies requires a degree of control on the
> mail flows that not all organizations are prepared to exercise, IMO.
>

Yes, I completely agree, p=none is useful. It's helped me help the client
(I'm basically an IT freelancer) make sure all their email sources' DKIM
and SPF are squared away. More interesting, DMARC's found things that have
surprised clients. Wait, who's using ESP X? Some detective work and a few
days later... Okay, it's the such and such office or sometimes even
individuals. And there's "oh right, we do use Y." Let's get that authenticated.

So it's legit sources that need to be authenticated, semi-legit sources
that either need to be authenticated and viewed as fully legit or told to
stop, and there's sources that are legit but have been running on autopilot.
Let's think about whether we need this or what changes we can make to it.
This aspect serves as a sort of internal audit of email sources and
authentication. DMARC's been very, very useful for that.

Then there's discovering spoofing sometimes, of course.

Neil