Re: [dmarc-ietf] non-mailing list use case for differing header domains

"Douglas E. Foster" <fosterd@bayviewphysicians.com> Sun, 02 August 2020 15:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/rR5fkmOSpVp_lYsS6WDEE4xmwHE>

I have reviewed recent posts to this mailing list: Submissions have come from 39 different people on 34 unique domains. Of these, 11 have munged headers, indicating that they use an enforceable DMARC policy. This is a much higher percentage than your general survey.

I wonder if this is typical - are mailing list subscribers more likely to be on DMARC-enforcing domains than the general population?

Do the mailing list operators have data about what percentage of their subscribers (or percentage of unique domains) have DMARC policy enforcement in place?

DF

----------------------------------------
From: Neil Anuskiewicz <neil@marmot-tech.com>
Sent: 8/1/20 9:27 PM
To: Luis E. Muñoz <dmarc-ietf.org=40lem.click@dmarc.ietf.org>
Cc: dmarc@ietf.org
Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains

I looked at ~3.5 million domain names and here's some of what I found. This data might be useful to the discussion. As for me, I'm lurking and learning.

Anyway, I looked at ~3.5 million domain names and here's some of what I found:

FTSE DMARC Adoption

DMARC Policy   10/18/2019
No record      56%
none           34%
quarantine     1%
reject         9%

F500 DMARC Adoption

DMARC Policy   10/18/2019
no record      49%
none           37%
quarantine     4%
reject         9%

ASX DMARC Adoption

DMARC Policy   10/18/2019
no record      59%
none           33%
quarantine     1%
reject         7%

On Sat, Aug 1, 2020 at 12:57 PM Neil Anuskiewicz <neil@marmot-tech.com> wrote:

I looked at ~3.5 million domain names and here's some of what I found. This wasn't a random sample but perhaps this data will be useful in this discussion:

FTSE DMARC Adoption

DMARC Policy   Snapshot (10/18)
No record      56%
none           34%
quarantine     1%
reject         9%

F500 DMARC Adoption

DMARC Policy   Snapshot (10/18)
no record      49%
none           37%
quarantine     4%
reject         9%

ASX DMARC Adoption

DMARC Policy   Snapshot (10/18)
no record      59%
none           33%
quarantine     1%
reject         7%

Thanks.

Neil

On Thu, Jul 30, 2020 at 6:02 PM Luis E. Muñoz <dmarc-ietf.org=40lem.click@dmarc.ietf.org> wrote:

On 30 Jul 2020, at 15:52, Jim Fenton wrote:

There's an underlying assumption here that I don't agree with: that
DMARC adoption equates to the publication of a p=reject DMARC policy,
and that everyone (or at least all Fortune 500 companies) should be
doing that. p=reject should only be used when the usage patterns of the
domain support that policy. I'm more inclined to say that 85% of Fortune
500 companies are savvy enough not to publish a policy that doesn't fit
their usage patterns.

I am currently observing ~215.5 million domain names. Out of those, ~64
million have a seemingly valid SPF record and ~113 million with at least one MX record.

This is a current breakdown of the (valid) DMARC records I am observing over the general domain population above. This amounts to an adoption rate of ~1.7%.

p            count
none         2715614
quarantine   238584
reject       726045

It is interesting that roughly half of those are not taking advantage of the reporting. Here are the counts for those with neither rua= nor ruf= in the DMARC records:

p            count
none         1092990
quarantine   107767
reject       307614

I do not have a definitive list of Fortune 500 domain names, but I compile a rolling list of domain names with most traffic using multiple sources, which currently holds ~1.8 million unique domain names.

The breakdown of DMARC records from that high-traffic population is shown below, and it amounts to about 6.3%.

p            count
none         79367
quarantine   18094
reject       15875

For completeness, here is the same report, counting only those that have neither rua= nor ruf= in the DMARC record. The ratio of silent p=quarantine and p=reject seems around half as in the case of the general population.

p            count
none         32561
quarantine   4534
reject       2760

It would seem that those high-traffic domains are ~5x more likely to adopt DMARC. To me, these numbers speak of thoughtful and deliberate deployment that outpaces the general domain name registrations.

That said, I cannot claim whether the list of high-traffic domains is actually a good proxy for the domain portfolio of the Fortune 500 companies.

Best regards

-lem
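
The kind of breakdown reported in this thread (valid DMARC records per p= value, and how many of them carry neither rua= nor ruf=) can be reproduced over any set of fetched TXT records. The following is an added example, not code from any poster in the thread; the function names and the sample records are constructed for illustration, and it assumes the TXT value at _dmarc.<domain> has already been retrieved.

```python
from collections import Counter

POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a valid DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the first tag must be v=DMARC1 (the value is case-sensitive).
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if not sep:
            return None
        tags.setdefault(name.strip().lower(), value.strip())
    # Simplification in this example: a record without a valid p= is skipped.
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return None
    tags["p"] = policy
    return tags

def tally(records):
    """Count valid records per policy, and those with neither rua= nor ruf=."""
    by_policy, silent = Counter(), Counter()
    for txt in records.values():
        tags = parse_dmarc(txt)
        if tags is None:
            continue
        by_policy[tags["p"]] += 1
        if "rua" not in tags and "ruf" not in tags:
            silent[tags["p"]] += 1
    return by_policy, silent

def silent_share(by_policy, silent):
    """Fraction of records per policy that request no reports."""
    return {p: silent[p] / by_policy[p] for p in POLICIES if by_policy[p]}

# Constructed sample: domain -> TXT value found at _dmarc.<domain>.
SAMPLE = {
    "a.example": "v=DMARC1; p=none; rua=mailto:reports@a.example",
    "b.example": "v=DMARC1; p=reject",
    "c.example": "v=DMARC1;p=quarantine;ruf=mailto:f@c.example",
    "d.example": "v=spf1 -all",            # not a DMARC record
    "e.example": "p=reject; v=DMARC1",     # v= is not the first tag
    "f.example": "v=DMARC1; p=REJECT; pct=100",
    "g.example": "v=DMARC1; p=none",
}

if __name__ == "__main__":
    by_policy, silent = tally(SAMPLE)
    print(dict(by_policy), dict(silent), silent_share(by_policy, silent))
```

Feeding the counts posted above into `silent_share` gives roughly 42% silent p=reject records in the general population against roughly 17% in the high-traffic list.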
