Re: [dmarc-ietf] [EXTERNAL] DMARC XML grammar

Matthäus Wander <mail@wander.science> Mon, 17 May 2021 10:36 UTC

Return-Path: <mail@wander.science>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 400E43A324B for <dmarc@ietfa.amsl.com>; Mon, 17 May 2021 03:36:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wander.science
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rCp2Z-Bx19Y5 for <dmarc@ietfa.amsl.com>; Mon, 17 May 2021 03:36:54 -0700 (PDT)
Received: from mail.swznet.de (cathay.swznet.de [IPv6:2a01:4f8:13b:2048::113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98C6B3A3249 for <dmarc@ietf.org>; Mon, 17 May 2021 03:36:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=wander.science; s=cathay; h=Subject:Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:References:To:From:Sender:Reply-To: Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=L1vMwJ13bSKqF+tBQZ1EYSr6qdDWMZqkTWaPPYxNt3A=; b=IAmPcYxNpf3qiyEWowy/EPMIuv O/Zkmb3CNPB5PZnWJB8XFK7gHOGamrf8LR4N7Cbj40/TR+RxRRs0cmQqnHrxFcP3J2wJEc4a06O+E tR8YuYQBdnF7zYe3uzRl96REM3eHK8D7LGOv7JkRAs6iLB/2fxFpG/OBQBh4K28IAfmsVkHhCrDnz xQTcssk1Podn4I/2YDtwhqdnSYD4usedZ/hGMr8JuRp4gU3R8NIaBFTRtcn6lQsywcbq1od4Cvprp NJIFY+2wAb1o7JvD+zW+JupbhFKqNYSavTr0+iPSMIiFsDZD4MuISC8fbl2/xIN8nJBsKp1/3aRa2 SuT2ibnQ==;
Received: from dynamic-2a01-0c23-7092-a500-d5b9-eafc-835a-a47d.c23.pool.telefonica.de ([2a01:c23:7092:a500:d5b9:eafc:835a:a47d]) by mail.swznet.de with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <mail@wander.science>) id 1liacF-0007WJ-4u for dmarc@ietf.org; Mon, 17 May 2021 12:36:51 +0200
From: =?UTF-8?Q?Matth=c3=a4us_Wander?= <mail@wander.science>
To: dmarc@ietf.org
References: <02bb33fa-2420-bb32-04a2-8cc62fec7ed7@tana.it> <MN2PR11MB435159DF56A6B1CCAF235C7EF7509@MN2PR11MB4351.namprd11.prod.outlook.com>
Message-ID: <5763af6f-f38a-9656-86ff-27f2729ed49a@wander.science>
Date: Mon, 17 May 2021 12:36:47 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <MN2PR11MB435159DF56A6B1CCAF235C7EF7509@MN2PR11MB4351.namprd11.prod.outlook.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 2a01:c23:7092:a500:d5b9:eafc:835a:a47d
X-SA-Exim-Mail-From: mail@wander.science
X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000)
X-SA-Exim-Scanned: Yes (on mail.swznet.de)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/cMSqJ7DTxdcKxrmqPHkhAq64jxA>
Subject: Re: [dmarc-ietf] [EXTERNAL] DMARC XML grammar
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 May 2021 10:36:59 -0000

Here's some data that might be helpful to consider.
Data comprises about a year of reports for one domain.

  229 reporting organizations
      derived from 369 distinct <org_name> strings
  ---+---
   20 use Organization Name ("Example")
  161 use Organizational Domain only ("example.net")
   48 use Hostnames ("mx1.example.net", ...)
        with min=1, median=1.0, mean=3.92, max=116 distinct hostnames
  ---+---
  193 report version
    0 report meta_error
  227 report sp
  179 report sp__empty
   20 report fo__v1
    0 report fo__v1empty
    6 report override_reason
   12 report envelope_to
  191 report envelope_from__v1
   41 report envelope_from__v1empty
    6 report envelope_from__v1missing
    0 report dkim_selector__empty
   25 report dkim_selector__missing
    7 report dkim_result__none
   10 report dkim_human_result
    9 report dkim_human_result__copy
  191 report spf_scope__v1

Human-comprehensible result:
- 84% (193/229) of reporters announce the use of the RFC 7489
<version>1.0</version> schema.
- No one uses <error> below <report_metadata>.
- 78% (179/229) report an empty <sp></sp> instead of the default value.
- 10% (20/193) of 1.0 reporters include the <fo> element, although it's
actually mandatory. Draft schema does not have <fo>.

<identifiers>:
-  5% (12/229) use <envelope_to>.
- 99% (191/193) of 1.0 reporters use <envelope_from>. Draft schema does
not have <envelope_from>.
- 21% (41/193) have used an empty <envelope_from> (i.e., reported a
bounce) at least once.
-  3% (6/193) have omitted <envelope_from> at least once, even though
it is mandatory in 1.0.
- The remaining 75% either did not receive a bounce or do not report
bounces.

<dkim>:
- 11% (25/229) have omitted the optional <selector> in a DKIM result.
-  3% (7/229) have reported a DKIM <result>none</result>, even though
they could've instead omit the <dkim> element altogether.
-  4% (10/229) have used the <dkim_human_result>, but only 1 used it
for extra information that was not just a copy of <result>.

Regards,
Matt