Re: [dmarc-ietf] DMARC Coverage

Ian Levy <> Wed, 17 April 2019 17:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BB976120127 for <>; Wed, 17 Apr 2019 10:47:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id df9cHRBIN5wj for <>; Wed, 17 Apr 2019 10:47:21 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7821D12002E for <>; Wed, 17 Apr 2019 10:47:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zP/vEBIo72Mr+flA6WjltwDfrv4KsN00APtkJdhZg7U=; b=LveznCw9C6VpJ5LACxqeeMHowvBWTs5ZchwpQlfNjsz0phoZakbnywPrl9A00ARDYcCvAv2K8e3d/+9XlzMC7SYqlxC/jDnT3uSffsf2LUqUlKWG9DeROiwlJ8vHiURHBo53PJgIw9JuIGRqH8LHI4pxtr/EImABezHCW2NnWvg=
Received: from LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM ( by LO2P123MB1920.GBRP123.PROD.OUTLOOK.COM ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.12; Wed, 17 Apr 2019 17:47:19 +0000
Received: from LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM ([fe80::3d7d:bcac:a450:6621]) by LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM ([fe80::3d7d:bcac:a450:6621%7]) with mapi id 15.20.1792.021; Wed, 17 Apr 2019 17:47:18 +0000
From: Ian Levy <>
To: Scott Kitterman <>, "" <>
Thread-Topic: [dmarc-ietf] DMARC Coverage
Thread-Index: AQHU8j2h6McpQd34NEeQ+7zWHDT0U6ZAojYw
Date: Wed, 17 Apr 2019 17:47:18 +0000
Message-ID: <LO2P123MB22854EBA09E4A5AC6BE9C12AC9250@LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM>
References: <8060835.KeXT7UZBJi@kitterma-e6430>
In-Reply-To: <8060835.KeXT7UZBJi@kitterma-e6430>
Accept-Language: en-GB, en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 774b80d3-c466-48c2-74e9-08d6c35cbcb6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600141)(711020)(4605104)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:LO2P123MB1920;
x-ms-traffictypediagnostic: LO2P123MB1920:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <LO2P123MB19200EB502421F1C487C8158C9250@LO2P123MB1920.GBRP123.PROD.OUTLOOK.COM>
x-forefront-prvs: 0010D93EFE
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39850400004)(396003)(366004)(376002)(136003)(189003)(199004)(13464003)(7736002)(2906002)(45080400002)(74316002)(966005)(478600001)(305945005)(256004)(14444005)(44832011)(81166006)(68736007)(105586002)(81156014)(14454004)(110136005)(33656002)(25786009)(2501003)(106356001)(6116002)(102836004)(8676002)(7696005)(99286004)(66066001)(76176011)(186003)(26005)(53546011)(55236004)(6506007)(3846002)(97736004)(71190400001)(11346002)(476003)(486006)(446003)(55016002)(316002)(71200400001)(9686003)(6436002)(229853002)(6306002)(8936002)(52536014)(5660300002)(6246003)(74482002)(86362001)(75922002)(53936002); DIR:OUT; SFP:1102; SCL:1; SRVR:LO2P123MB1920; H:LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: goADyMfN0AUtdyg8GznIUnfE0X8mkeQBFeOBlsFJCCcgKvobp2Pbp4m7Ep3O0ZQ0bsYUth3yEwWjbujePGUIEHqrOJIanoVjgcLqZahpZRTtMkzAkljziahzjZgmOzHbelGNGjL30MEroarhcDZgrbzsBmFTAeORePPTcoHby49VehbNZXMY4NfjMXBXfFKQ3uyF70i6Kq4oQuxviIBsmEt25MKk9nB6JOVwYgzhJd7zSbX22zk5q71HM+lSbSGYqtK2F7duoJQTRGOM7y/fyT7Fdqvl1MyByKbPs0b3P+1jaPcdoDgss7PIIEkusYrhpJ45OL2sGPbtaBmwM9x5dbRK7ViCUprpfeg4G4qLsVOF/2d0a0Ogr02qhLibKR/reqcygUeIet6PmQ3vhw9gdZdqYjgBAkilxEL5J36j4vg=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 774b80d3-c466-48c2-74e9-08d6c35cbcb6
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2019 17:47:18.8644 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P123MB1920
Archived-At: <>
Subject: Re: [dmarc-ietf] DMARC Coverage
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 17 Apr 2019 17:47:25 -0000

We've done something slightly different (because it's data we have to hand) but I think it's still comparable.

We looked at the all messages sent from in March 2019. In total, we sent 67,962 emails and received DMARC reports for  8,657 emails, about 12.5%. Now, I think our main correspondents are likely to be in and we know there's a lot of Office 365 and older on-prem solutions that don't report, so it's going to be artificially low.

Possibly more interesting is the data from the Gov.UK Notify service, which sends mail from the domain. Notify is the platform for government to send notifications to people and it publishes its performance data, for example for March 2019 at
This shows that Notify sent 36,301,537 emails in March and we received reporting of 13,671,108 emails, about 37.9%.

Notify sends messages to a much broader set of receivers so is likely to be more representative and therefore useful statistically.

<hint mode='subtle'>
I'd be really interested in what happens to these numbers if Microsoft start sending DMARC reports, for both O365 and their consumer platforms.



Dr Ian Levy
Technical Director
National Cyber Security Centre

Staff Officer : Kate Atkins,

(I work stupid hours and weird times - that doesn't mean you have to. If this arrives outside your normal working hours, don't feel compelled to respond immediately!)

-----Original Message-----
From: dmarc <> On Behalf Of Scott Kitterman
Sent: 13 April 2019 22:12
Subject: [dmarc-ietf] DMARC Coverage

A couple of days ago I sent a single message to a reasonably large mailing list (spf-help, email oriented - so likely not representative, but it's a data point).  Since I am a list owner, I know how many subscribers there are and from my DMARC feedback, I know how many times that single message got reported.

43% of them showed up in my DMARC feedback, so that's at least one data point on breadth of coverage for DMARC feedback.

To do this (at least the way I did it), you need to send a single message in a reporting period to an email list that does not re-write from and for which you know how many subscribers there are.

I'm curious what kind of numbers other might be able to come up with.

Scott K

dmarc mailing list;;sdata=cpa%2BmnPs5ClQ1ruPwExr6qwOfqzpb1WWkJUwm4%2B5p7M%3D&amp;reserved=0
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to