Re: [dmarc-ietf] non-mailing list use case for differing header domains
Neil Anuskiewicz <neil@marmot-tech.com> Sun, 02 August 2020 01:27 UTC
Return-Path: <neil@marmot-tech.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B032E3A0A12 for <dmarc@ietfa.amsl.com>; Sat, 1 Aug 2020 18:27:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=marmot-tech.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FqqtWRKhlaOR for <dmarc@ietfa.amsl.com>; Sat, 1 Aug 2020 18:27:15 -0700 (PDT)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9C4E3A0A0B for <dmarc@ietf.org>; Sat, 1 Aug 2020 18:27:15 -0700 (PDT)
Received: by mail-io1-xd36.google.com with SMTP id z6so35344199iow.6 for <dmarc@ietf.org>; Sat, 01 Aug 2020 18:27:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marmot-tech.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8Yryq/GcfjQp/4uxoX9XNV5+yqdWY2QsOPZ3q7b8H5s=; b=E8Tvem2eGwz68he9P7vgXi1SH7sdmk88Wf4kFV7C47S97l+kEuACwrfzb/2lmeI4hA 9jDnQmxQvxhAY97pqFMIiHm0Nwk8p5uW+NjEfRs+8jLt0HO3KhRNL20ZpuqY08Yq9MXr SBIP0JCs9kIZT/kmjCQhB0zIvSPNGSqAPbrX0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8Yryq/GcfjQp/4uxoX9XNV5+yqdWY2QsOPZ3q7b8H5s=; b=SY4E1vopP03vJg3s8OZ30wCeJQdojBW80JeF/pDSu2wv3CxjslgFlexdySi+JhS6HF TrtaIXyCAZ74ErgJhJSBQQqXzAOzz1jkUp5Mln5XAh+Fqdl480Y+MsslriD/gvREVRTH V8UCnBWfx7ba4r+PsD8VKYCQeft3TtfUDQdgp/MHAuH+ZMVFAb979UnwHqIeZ1tLl3BE eB9t+agcsgWBc0hco0LrPgjgkZRtJvcHSZ94fvLk01yeucJz8M1o9LuwZ+uHhlVMPV2k XpGRt3lXlSEggiiLLLdu2DDTY0ZbPzpOsshP3wAZ7Sen5ON2DlafLVWlAYeS++tGtAns 0joA==
X-Gm-Message-State: AOAM530/n4IsBGSo/tQwzISCH+3T1C/5kTmkkM+wyv/f7T+70bRNapyX ZTlL8xVisFh6+8CZGMmIwqcFgGVmrle88LAvusLhK/cKTF8mbw==
X-Google-Smtp-Source: ABdhPJy5IMQRoCK2mmzmOpnx1RlqMIicU7jfQa2R86btem7yl2j/F0LC4plQUBEdEYWOsGWqXH6CtVkrggyLGubMFpk=
X-Received: by 2002:a05:6602:220f:: with SMTP id n15mr10634541ion.103.1596331634822; Sat, 01 Aug 2020 18:27:14 -0700 (PDT)
MIME-Version: 1.0
References: <BY5PR13MB29998094418C8A6C25902569D7730@BY5PR13MB2999.namprd13.prod.outlook.com> <c0361cb2-b25b-5d75-cb1f-f9c87e3ecccc@tana.it> <AE9A3A9F-27FC-4935-B8E6-AB0CE1A6D5E2@wordtothewise.com> <d446c074-bbcf-a824-041c-e45958e0b0a2@bluepopcorn.net> <95C85860-4C8E-4593-90B1-C9800D919E05@lem.click> <CAOPP4WG9FPYOT6HNATGWdobf57q-WiRujUvXq5WY-znBi9xxyQ@mail.gmail.com>
In-Reply-To: <CAOPP4WG9FPYOT6HNATGWdobf57q-WiRujUvXq5WY-znBi9xxyQ@mail.gmail.com>
From: Neil Anuskiewicz <neil@marmot-tech.com>
Date: Sat, 01 Aug 2020 18:26:38 -0700
Message-ID: <CAOPP4WGRo0_WrqQcm-gpXgn2ZDy0f1MOBxU5tVV8y3mzA9D=hA@mail.gmail.com>
To: "Luis E. Muñoz" <dmarc-ietf.org=40lem.click@dmarc.ietf.org>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000009adcf05abdaeceb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/3EzgioBD8zTjWSBPWHyToUWsRuE>
Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Aug 2020 01:27:18 -0000
I looked at ~3.5 million domain names and here's some of what I found. This data might be useful to the discussion. As for me, I'm lurking and learning. Anyway, I looked at ~3.5 million domain names and here's some of what I found: FTSE DMARC Adoption DMARC Policy 10/18/2019 No record 56% none 34% quarantine 1% reject 9% F500 DMARC Adoption DMARC Policy 10/18/2019 no record 49% none 37% quarantine 4% reject 9% ASX DMARC Adoption DMARC Policy 10/18/2019 no record 59% none 33% quarantine 1% reject 7% On Sat, Aug 1, 2020 at 12:57 PM Neil Anuskiewicz <neil@marmot-tech.com> wrote: > I looked at ~3.5 million domain names and here's some of what I found. > This wasn't a random sample but perhaps this data will be useful in this > discussion: > > FTSE DMARC Adoption > > Snapshot (10/18) > No record 56% > none 34% > quarantine 1% > reject 9% > F500 DMARC Adoption > > Snapshot (10/18) > no record 49% > none 37% > quarantine 4% > reject 9% > > ASX DMARC Adoption > > Snapshot (10/18) > no record 59% > none 33% > quarantine 1% > reject 7% > > Thanks. > > Neil > On Thu, Jul 30, 2020 at 6:02 PM Luis E. Muñoz <dmarc-ietf.org= > 40lem.click@dmarc.ietf.org> wrote: > >> On 30 Jul 2020, at 15:52, Jim Fenton wrote: >> >> There's an underlying assumption here that I don't agree with: that >> DMARC adoption equates to the publication of a p=reject DMARC policy, >> and that everyone (or at least all Fortune 500 companies) should be >> doing that. p=reject should only be used when the usage patterns of the >> domain support that policy. I'm more inclined to say that 85% of Fortune >> 500 companies are savvy enough not to publish a policy that doesn't fit >> their usage patterns. >> >> I am currently observing ~215.5 million domain names. Out of those, ~64 >> million have a seemingly *valid* SPF record and ~113 million with at >> least one MX record. >> >> This is a current breakdown of the (valid) DMARC records I am observing >> over the general domain population above. This amounts to an adoption rate >> of ~1.7%. >> p count >> none 2715614 >> quarantine 238584 >> reject 726045 >> >> It is interesting that roughly half of those are not taking advantage of >> the reporting. Here are the counts for those with neither rua= nor ruf= >> in the DMARC records: >> p count >> none 1092990 >> quarantine 107767 >> reject 307614 >> >> I do not have a definitive list of Fortune 500 domain names, but I >> compile a rolling list of domain names with most traffic using multiple >> sources, which currently holds ~1.8 million unique domain names. >> >> The breakdown of DMARC records from that high-traffic population is shown >> below, and it amounts to about 6.3%. >> p count >> none 79367 >> quarantine 18094 >> reject 15875 >> >> For completeness, here is the same report, counting only those that have >> neither rua= nor ruf= in the DMARC record. The ratio of *silent* >> p=quarantine and p=reject seems around half as in the case of the >> general population. >> p count >> none 32561 >> quarantine 4534 >> reject 2760 >> >> It would seem that those high-traffic domains are ~5x more likely to >> adopt DMARC. To me, these numbers speaks of thoughtful and deliberate >> deployment that outpaces the general domain name registrations. >> >> That said, I cannot claim whether the list of high-traffic domains is >> actually a good proxy for the domain portfolio of the Fortune 500 companies. >> >> Best regards >> >> -lem >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> >
- [dmarc-ietf] non-mailing list use case for differ… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Doug Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Jeremy Harris
- Re: [dmarc-ietf] non-mailing list use case for di… Ken O'Driscoll
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Luis E. Muñoz
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- [dmarc-ietf] LSAP - Lightweight Signer Authorizat… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Neil Anuskiewicz
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Ken O'Driscoll
- Re: [dmarc-ietf] non-mailing list use case for di… Benny Pedersen
- Re: [dmarc-ietf] non-mailing list use case for di… Kurt Andersen (b)
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Hannu Aronsson
- Re: [dmarc-ietf] non-mailing list use case for di… Hannu Aronsson
- Re: [dmarc-ietf] non-mailing list use case for di… Tõnu Tammer
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Neil Anuskiewicz
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … Hector Santos
- Re: [dmarc-ietf] Time for a change Douglas E. Foster
- Re: [dmarc-ietf] Time for a change Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] Time for a change Murray S. Kucherawy
- Re: [dmarc-ietf] Time for a change Dave Crocker
- Re: [dmarc-ietf] Time for a change Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] finer grained org domain John R Levine
- Re: [dmarc-ietf] finer grained org domain Tim Wicinski
- Re: [dmarc-ietf] finer grained org domain Dave Crocker
- Re: [dmarc-ietf] finer grained org domain Dave Crocker
- Re: [dmarc-ietf] finer grained org domain Seth Blank
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] Time for a change Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Kurt Andersen (b)
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Tim Draegen
- Re: [dmarc-ietf] third party authorization, not, … Brandon Long
- Re: [dmarc-ietf] third party authorization, not, … Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Brandon Long
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Laura Atkins
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Doug Foster
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Hector Santos
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… John Levine
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… Douglas E. Foster
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] my forward signer draft, third p… John Levine
- Re: [dmarc-ietf] my forward signer draft, third p… Rolf E. Sonneveld