Wow, the stat on how many domain operators move to enforcing reject policy sans aggregate reports shocked me. Trust the force, Luke.

On Feb 28, 2024, at 4:54 AM, OLIVIER HUREAU <olivier.hur...@univ-grenoble-alpes.fr> wrote:


Hello,

TLDR: I think Dmarcbis should not have a reference to the XML format of the aggregate reports in 5.5.3 and should only refer to [I-D.ietf-dmarc-aggregate-reporting].

I've strayed a bit from DMARC, but occasionally I think about the aggregate reporting analysis problems a domain owner may encounter. 

In earlier emails, I mentioned using a JSON format for reports.
Although the format change has been discussed in the past and the working group agreed not to switch to JSON,
I'm not sure that providing a new XSD file will solve the problem of the multiple XSDs we already have.

In my opinion, players who have already implemented the reporting system may not be inclined to update to the new format, and we'll then have 3 different definitions of XML.

The question of JSON then arises, to start afresh on a sound footing. 
While this may require considerable effort in terms of RFC writing and code implementation, I think it will provide greater clarity and access for newcomers. 

As part of my research, I've written a paper on DMARC that will be published soon (mid-March). 
Even though DMARC adoption increases (4.5% in 2022 to 5.4% in 2023), the proportion of p=none handling policies also decreases (67.7% to 55.5%). 

One of my first hypotheses is that domain owners were using the reporting system to enhance their infrastructure and then adopted more restrictive policies.
The figure below (Fig.7) illustrates the differences in reporting policies between the two years and that the adoption of more restrictive policies can be attributed to
the new DMARC domain names.

<image.png>
However, the increase in the "restrictive" handling policy does not seem correlated with the use of the reporting system.
I have compared the handling policies and content of RUA tags during the period (see graph below, Fig.8).

To summarize my analysis: 54.7% of the domain names that had p=none and moved to p=reject did not have rua tags (5), and
48.2% of all domain names displayed unexpected behavior: they removed the rua tag without adopting more restrictive policies, or adopted stricter policies without having rua tags.

<image.png>


In conclusion, I feel that there is something behind the difficulty of analyzing aggregate reports, and it is related to the current XML format...
Nevertheless, this is only a feeling and not tangible proof (yet), so it doesn't constitute a reasonable technical argument to justify my remarks about a new JSON format.

The current version of Dmarcbis does not leave room for a possible new aggregate report format in section 5.3.3.
Shouldn't this section be less specific about the XML format, while still referring to [I-D.ietf-dmarc-aggregate-reporting], which could be updated in the future?

If the working group is interested in the idea of a new (or alternative) JSON format, I can try my hand at writing a draft (if I'm accompanied by an experienced IETF writer).

Regards,
Olivier Hureau

------

PS: I can send interested readers a pre-printed version of my work.





_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
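
Added example (not part of the original message or of the author's study): one way to sort domains into the transition categories the message describes, given each domain's DMARC record from two snapshots. The category names, the sample records, and the reading that "without rua" means no rua tag in the earlier record are assumptions.

```python
from collections import Counter

STRICTNESS = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(txt):
    """Return {tag: value} for a DMARC TXT record, or None if it is not one."""
    tags = {}
    for i, part in enumerate(p for p in (txt or "").split(";") if p.strip()):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name, value) != ("v", "DMARC1"):
            return None  # the v=DMARC1 tag must come first
        if sep:
            tags.setdefault(name, value)  # first occurrence of a tag wins
    return tags or None

def has_rua(tags):
    return bool(tags.get("rua", "").strip())

def classify(old_txt, new_txt):
    """Label the change between an earlier and a later record of one domain."""
    old, new = parse_dmarc(old_txt), parse_dmarc(new_txt)
    if old is None or new is None:
        return "no-dmarc-in-one-snapshot"
    p_old, p_new = old.get("p", "").lower(), new.get("p", "").lower()
    if p_old not in STRICTNESS or p_new not in STRICTNESS:
        return "invalid-policy"
    stricter = STRICTNESS[p_new] > STRICTNESS[p_old]
    if stricter:
        # Assumption: "without rua" = no aggregate reports could be requested
        # before the policy was tightened.
        return "stricter-with-rua" if has_rua(old) else "stricter-without-rua"
    if has_rua(old) and not has_rua(new):
        return "rua-removed-not-stricter"
    return "other"

# Constructed sample snapshots: domain -> (earlier record, later record)
SAMPLE = {
    "a.example": ("v=DMARC1; p=none", "v=DMARC1; p=reject"),
    "b.example": ("v=DMARC1; p=none; rua=mailto:r@b.example",
                  "v=DMARC1; p=quarantine; rua=mailto:r@b.example"),
    "c.example": ("v=DMARC1; p=none; rua=mailto:r@c.example", "v=DMARC1; p=none"),
    "d.example": ("v=spf1 -all", "v=DMARC1; p=reject"),
}

def tally(snapshots):
    return Counter(classify(old, new) for old, new in snapshots.values())

if __name__ == "__main__":
    print(tally(SAMPLE))
```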