Re: [dmarc-ietf] DMARC Coverage
Ian Levy <ian.levy@ncsc.gov.uk> Wed, 17 April 2019 17:47 UTC
Return-Path: <ian.levy@ncsc.gov.uk>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB976120127 for <dmarc@ietfa.amsl.com>; Wed, 17 Apr 2019 10:47:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id df9cHRBIN5wj for <dmarc@ietfa.amsl.com>; Wed, 17 Apr 2019 10:47:21 -0700 (PDT)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-eopbgr100121.outbound.protection.outlook.com [40.107.10.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7821D12002E for <dmarc@ietf.org>; Wed, 17 Apr 2019 10:47:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zP/vEBIo72Mr+flA6WjltwDfrv4KsN00APtkJdhZg7U=; b=LveznCw9C6VpJ5LACxqeeMHowvBWTs5ZchwpQlfNjsz0phoZakbnywPrl9A00ARDYcCvAv2K8e3d/+9XlzMC7SYqlxC/jDnT3uSffsf2LUqUlKWG9DeROiwlJ8vHiURHBo53PJgIw9JuIGRqH8LHI4pxtr/EImABezHCW2NnWvg=
Received: from LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM (20.176.157.151) by LO2P123MB1920.GBRP123.PROD.OUTLOOK.COM (20.176.155.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.12; Wed, 17 Apr 2019 17:47:19 +0000
Received: from LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM ([fe80::3d7d:bcac:a450:6621]) by LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM ([fe80::3d7d:bcac:a450:6621%7]) with mapi id 15.20.1792.021; Wed, 17 Apr 2019 17:47:18 +0000
From: Ian Levy <ian.levy@ncsc.gov.uk>
To: Scott Kitterman <sklist@kitterman.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [dmarc-ietf] DMARC Coverage
Thread-Index: AQHU8j2h6McpQd34NEeQ+7zWHDT0U6ZAojYw
Date: Wed, 17 Apr 2019 17:47:18 +0000
Message-ID: <LO2P123MB22854EBA09E4A5AC6BE9C12AC9250@LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM>
References: <8060835.KeXT7UZBJi@kitterma-e6430>
In-Reply-To: <8060835.KeXT7UZBJi@kitterma-e6430>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ian.levy@ncsc.gov.uk;
x-originating-ip: [51.141.26.231]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 774b80d3-c466-48c2-74e9-08d6c35cbcb6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600141)(711020)(4605104)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:LO2P123MB1920;
x-ms-traffictypediagnostic: LO2P123MB1920:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <LO2P123MB19200EB502421F1C487C8158C9250@LO2P123MB1920.GBRP123.PROD.OUTLOOK.COM>
x-forefront-prvs: 0010D93EFE
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39850400004)(396003)(366004)(376002)(136003)(189003)(199004)(13464003)(7736002)(2906002)(45080400002)(74316002)(966005)(478600001)(305945005)(256004)(14444005)(44832011)(81166006)(68736007)(105586002)(81156014)(14454004)(110136005)(33656002)(25786009)(2501003)(106356001)(6116002)(102836004)(8676002)(7696005)(99286004)(66066001)(76176011)(186003)(26005)(53546011)(55236004)(6506007)(3846002)(97736004)(71190400001)(11346002)(476003)(486006)(446003)(55016002)(316002)(71200400001)(9686003)(6436002)(229853002)(6306002)(8936002)(52536014)(5660300002)(6246003)(74482002)(86362001)(75922002)(53936002); DIR:OUT; SFP:1102; SCL:1; SRVR:LO2P123MB1920; H:LO2P123MB2285.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ncsc.gov.uk does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: goADyMfN0AUtdyg8GznIUnfE0X8mkeQBFeOBlsFJCCcgKvobp2Pbp4m7Ep3O0ZQ0bsYUth3yEwWjbujePGUIEHqrOJIanoVjgcLqZahpZRTtMkzAkljziahzjZgmOzHbelGNGjL30MEroarhcDZgrbzsBmFTAeORePPTcoHby49VehbNZXMY4NfjMXBXfFKQ3uyF70i6Kq4oQuxviIBsmEt25MKk9nB6JOVwYgzhJd7zSbX22zk5q71HM+lSbSGYqtK2F7duoJQTRGOM7y/fyT7Fdqvl1MyByKbPs0b3P+1jaPcdoDgss7PIIEkusYrhpJ45OL2sGPbtaBmwM9x5dbRK7ViCUprpfeg4G4qLsVOF/2d0a0Ogr02qhLibKR/reqcygUeIet6PmQ3vhw9gdZdqYjgBAkilxEL5J36j4vg=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: 774b80d3-c466-48c2-74e9-08d6c35cbcb6
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2019 17:47:18.8644 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P123MB1920
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/dsvCRABdoo2vHzmsRNg8ABN-ciM>
Subject: Re: [dmarc-ietf] DMARC Coverage
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 17:47:25 -0000
We've done something slightly different (because it's data we have to hand) but I think it's still comparable. We looked at the all messages sent from ncsc.gov.uk in March 2019. In total, we sent 67,962 emails and received DMARC reports for 8,657 emails, about 12.5%. Now, I think our main correspondents are likely to be in gov.uk and we know there's a lot of Office 365 and older on-prem solutions that don't report, so it's going to be artificially low. Possibly more interesting is the data from the Gov.UK Notify service, which sends mail from the notifications.service.gov.uk domain. Notify is the platform for government to send notifications to people and it publishes its performance data, for example for March 2019 at https://www.gov.uk/performance/govuk-notify/notifications-by-type#from=2019-03-01T00:00:00Z&to=2019-03-01T00:00:00Z This shows that Notify sent 36,301,537 emails in March and we received reporting of 13,671,108 emails, about 37.9%. Notify sends messages to a much broader set of receivers so is likely to be more representative and therefore useful statistically. <hint mode='subtle'> I'd be really interested in what happens to these numbers if Microsoft start sending DMARC reports, for both O365 and their consumer platforms. </hint> Ta. I. -- Dr Ian Levy Technical Director National Cyber Security Centre ian@ncsc.gov.uk Staff Officer : Kate Atkins, kate.a@ncsc.gov.uk (I work stupid hours and weird times - that doesn't mean you have to. If this arrives outside your normal working hours, don't feel compelled to respond immediately!) -----Original Message----- From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Scott Kitterman Sent: 13 April 2019 22:12 To: dmarc@ietf.org Subject: [dmarc-ietf] DMARC Coverage A couple of days ago I sent a single message to a reasonably large mailing list (spf-help, email oriented - so likely not representative, but it's a data point). Since I am a list owner, I know how many subscribers there are and from my DMARC feedback, I know how many times that single message got reported. 43% of them showed up in my DMARC feedback, so that's at least one data point on breadth of coverage for DMARC feedback. To do this (at least the way I did it), you need to send a single message in a reporting period to an email list that does not re-write from and for which you know how many subscribers there are. I'm curious what kind of numbers other might be able to come up with. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fdmarc&data=02%7C01%7Cian.levy%40ncsc.gov.uk%7C14b11e326d154e893be508d6c054c2b9%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636907867621729087&sdata=cpa%2BmnPs5ClQ1ruPwExr6qwOfqzpb1WWkJUwm4%2B5p7M%3D&reserved=0 This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk
- [dmarc-ietf] DMARC Coverage Scott Kitterman
- Re: [dmarc-ietf] DMARC Coverage Dotzero
- Re: [dmarc-ietf] DMARC Coverage Hector Santos
- Re: [dmarc-ietf] DMARC Coverage Kurt Andersen (b)
- Re: [dmarc-ietf] DMARC Coverage Ian Levy