IETF Logo Mail Archive

Re: [dmarc-ietf] non-mailing list use case for differing header domains

Neil Anuskiewicz <neil@marmot-tech.com> Sun, 02 August 2020 01:27 UTC

Return-Path: <neil@marmot-tech.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B032E3A0A12 for <dmarc@ietfa.amsl.com>; Sat, 1 Aug 2020 18:27:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=marmot-tech.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FqqtWRKhlaOR for <dmarc@ietfa.amsl.com>; Sat, 1 Aug 2020 18:27:15 -0700 (PDT)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9C4E3A0A0B for <dmarc@ietf.org>; Sat, 1 Aug 2020 18:27:15 -0700 (PDT)
Received: by mail-io1-xd36.google.com with SMTP id z6so35344199iow.6 for <dmarc@ietf.org>; Sat, 01 Aug 2020 18:27:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marmot-tech.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8Yryq/GcfjQp/4uxoX9XNV5+yqdWY2QsOPZ3q7b8H5s=; b=E8Tvem2eGwz68he9P7vgXi1SH7sdmk88Wf4kFV7C47S97l+kEuACwrfzb/2lmeI4hA 9jDnQmxQvxhAY97pqFMIiHm0Nwk8p5uW+NjEfRs+8jLt0HO3KhRNL20ZpuqY08Yq9MXr SBIP0JCs9kIZT/kmjCQhB0zIvSPNGSqAPbrX0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8Yryq/GcfjQp/4uxoX9XNV5+yqdWY2QsOPZ3q7b8H5s=; b=SY4E1vopP03vJg3s8OZ30wCeJQdojBW80JeF/pDSu2wv3CxjslgFlexdySi+JhS6HF TrtaIXyCAZ74ErgJhJSBQQqXzAOzz1jkUp5Mln5XAh+Fqdl480Y+MsslriD/gvREVRTH V8UCnBWfx7ba4r+PsD8VKYCQeft3TtfUDQdgp/MHAuH+ZMVFAb979UnwHqIeZ1tLl3BE eB9t+agcsgWBc0hco0LrPgjgkZRtJvcHSZ94fvLk01yeucJz8M1o9LuwZ+uHhlVMPV2k XpGRt3lXlSEggiiLLLdu2DDTY0ZbPzpOsshP3wAZ7Sen5ON2DlafLVWlAYeS++tGtAns 0joA==
X-Gm-Message-State: AOAM530/n4IsBGSo/tQwzISCH+3T1C/5kTmkkM+wyv/f7T+70bRNapyX ZTlL8xVisFh6+8CZGMmIwqcFgGVmrle88LAvusLhK/cKTF8mbw==
X-Google-Smtp-Source: ABdhPJy5IMQRoCK2mmzmOpnx1RlqMIicU7jfQa2R86btem7yl2j/F0LC4plQUBEdEYWOsGWqXH6CtVkrggyLGubMFpk=
X-Received: by 2002:a05:6602:220f:: with SMTP id n15mr10634541ion.103.1596331634822; Sat, 01 Aug 2020 18:27:14 -0700 (PDT)
MIME-Version: 1.0
References: <BY5PR13MB29998094418C8A6C25902569D7730@BY5PR13MB2999.namprd13.prod.outlook.com> <c0361cb2-b25b-5d75-cb1f-f9c87e3ecccc@tana.it> <AE9A3A9F-27FC-4935-B8E6-AB0CE1A6D5E2@wordtothewise.com> <d446c074-bbcf-a824-041c-e45958e0b0a2@bluepopcorn.net> <95C85860-4C8E-4593-90B1-C9800D919E05@lem.click> <CAOPP4WG9FPYOT6HNATGWdobf57q-WiRujUvXq5WY-znBi9xxyQ@mail.gmail.com>
In-Reply-To: <CAOPP4WG9FPYOT6HNATGWdobf57q-WiRujUvXq5WY-znBi9xxyQ@mail.gmail.com>
From: Neil Anuskiewicz <neil@marmot-tech.com>
Date: Sat, 01 Aug 2020 18:26:38 -0700
Message-ID: <CAOPP4WGRo0_WrqQcm-gpXgn2ZDy0f1MOBxU5tVV8y3mzA9D=hA@mail.gmail.com>
To: "Luis E. Muñoz" <dmarc-ietf.org=40lem.click@dmarc.ietf.org>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000009adcf05abdaeceb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/3EzgioBD8zTjWSBPWHyToUWsRuE>
Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Aug 2020 01:27:18 -0000

I looked at ~3.5 million domain names and here's some of what I found. This
data might be useful to the discussion. As for me, I'm lurking and learning.

Anyway, I looked at ~3.5 million domain names and here's some of what I
found:
FTSE DMARC Adoption
DMARC Policy 10/18/2019
No record 56%
none 34%
quarantine 1%
reject 9%

F500 DMARC Adoption
DMARC Policy 10/18/2019
no record 49%
none 37%
quarantine 4%
reject 9%
ASX DMARC Adoption
DMARC Policy 10/18/2019
no record 59%
none 33%
quarantine 1%
reject 7%





On Sat, Aug 1, 2020 at 12:57 PM Neil Anuskiewicz <neil@marmot-tech.com>
wrote:

> I looked at ~3.5 million domain names and here's some of what I found.
> This wasn't a random sample but perhaps this data will be useful in this
> discussion:
>
> FTSE DMARC Adoption
>
> Snapshot (10/18)
> No record 56%
> none 34%
> quarantine 1%
> reject 9%
> F500 DMARC Adoption
>
> Snapshot (10/18)
> no record 49%
> none 37%
> quarantine 4%
> reject 9%
>
> ASX DMARC Adoption
>
> Snapshot (10/18)
> no record 59%
> none 33%
> quarantine 1%
> reject 7%
>
> Thanks.
>
> Neil
> On Thu, Jul 30, 2020 at 6:02 PM Luis E. Muñoz <dmarc-ietf.org=
> 40lem.click@dmarc.ietf.org> wrote:
>
>> On 30 Jul 2020, at 15:52, Jim Fenton wrote:
>>
>> There's an underlying assumption here that I don't agree with: that
>> DMARC adoption equates to the publication of a p=reject DMARC policy,
>> and that everyone (or at least all Fortune 500 companies) should be
>> doing that. p=reject should only be used when the usage patterns of the
>> domain support that policy. I'm more inclined to say that 85% of Fortune
>> 500 companies are savvy enough not to publish a policy that doesn't fit
>> their usage patterns.
>>
>> I am currently observing ~215.5 million domain names. Out of those, ~64
>> million have a seemingly *valid* SPF record and ~113 million with at
>> least one MX record.
>>
>> This is a current breakdown of the (valid) DMARC records I am observing
>> over the general domain population above. This amounts to an adoption rate
>> of ~1.7%.
>> p count
>> none 2715614
>> quarantine 238584
>> reject 726045
>>
>> It is interesting that roughly half of those are not taking advantage of
>> the reporting. Here are the counts for those with neither rua= nor ruf=
>> in the DMARC records:
>> p count
>> none 1092990
>> quarantine 107767
>> reject 307614
>>
>> I do not have a definitive list of Fortune 500 domain names, but I
>> compile a rolling list of domain names with most traffic using multiple
>> sources, which currently holds ~1.8 million unique domain names.
>>
>> The breakdown of DMARC records from that high-traffic population is shown
>> below, and it amounts to about 6.3%.
>> p count
>> none 79367
>> quarantine 18094
>> reject 15875
>>
>> For completeness, here is the same report, counting only those that have
>> neither rua= nor ruf= in the DMARC record. The ratio of *silent*
>> p=quarantine and p=reject seems around half as in the case of the
>> general population.
>> p count
>> none 32561
>> quarantine 4534
>> reject 2760
>>
>> It would seem that those high-traffic domains are ~5x more likely to
>> adopt DMARC. To me, these numbers speaks of thoughtful and deliberate
>> deployment that outpaces the general domain name registrations.
>>
>> That said, I cannot claim whether the list of high-traffic domains is
>> actually a good proxy for the domain portfolio of the Fortune 500 companies.
>>
>> Best regards
>>
>> -lem
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>

v2.23.0 | Report a Bug | By Email