I have reviewed recent posts to this mailing list: Submissions have come from 
39 different people on 34 unique domains. Of these, 11 have munged headers, 
indicating that they use an enforceable DMARC policy. This is a much higher 
percentage than your general survey.

I wonder if this is typical - are mailing list subscribers more likely to be 
on DMARC-enforcing domains than the general population?

Do the mailing list operators have data about what percentage of their 
subscribers (or percentage of unique domains) have DMARC policy enforcement in 
place?

DF

----------------------------------------
From: Neil Anuskiewicz <n...@marmot-tech.com>
Sent: 8/1/20 9:27 PM
To: Luis E. Muñoz <dmarc-ietf.org=40lem.cl...@dmarc.ietf.org>
Cc: dmarc@ietf.org
Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains
I looked at ~3.5 million domain names and here's some of what I found. This 
data might be useful to the discussion. As for me, I'm lurking and learning.

Anyway, I looked at ~3.5 million domain names and here's some of what I found:

FTSE DMARC Adoption

 DMARC Policy    10/18/2019
 No record       56%
 none            34%
 quarantine      1%
 reject          9%

F500 DMARC Adoption

 DMARC Policy    10/18/2019
 no record       49%
 none            37%
 quarantine      4%
 reject          9%

ASX DMARC Adoption

 DMARC Policy    10/18/2019
 no record       59%
 none            33%
 quarantine      1%
 reject          7%

On Sat, Aug 1, 2020 at 12:57 PM Neil Anuskiewicz <n...@marmot-tech.com> wrote:

I looked at ~3.5 million domain names and here's some of what I found. This 
wasn't a random sample but perhaps this data will be useful in this discussion:

FTSE DMARC Adoption

 DMARC Policy    Snapshot (10/18)
 No record       56%
 none            34%
 quarantine      1%
 reject          9%

F500 DMARC Adoption

 DMARC Policy    Snapshot (10/18)
 no record       49%
 none            37%
 quarantine      4%
 reject          9%

ASX DMARC Adoption

 DMARC Policy    Snapshot (10/18)
 no record       59%
 none            33%
 quarantine      1%
 reject          7%

Thanks.

Neil
On Thu, Jul 30, 2020 at 6:02 PM Luis E. Muñoz 
<dmarc-ietf.org=40lem.cl...@dmarc.ietf.org> wrote:

On 30 Jul 2020, at 15:52, Jim Fenton wrote:

There's an underlying assumption here that I don't agree with: that
DMARC adoption equates to the publication of a p=reject DMARC policy,
and that everyone (or at least all Fortune 500 companies) should be
doing that. p=reject should only be used when the usage patterns of the
domain support that policy. I'm more inclined to say that 85% of Fortune
500 companies are savvy enough not to publish a policy that doesn't fit
their usage patterns.

I am currently observing ~215.5 million domain names. Out of those, ~64
million have a seemingly valid SPF record and ~113 million with at least one MX 
record.

This is a current breakdown of the (valid) DMARC records I am observing over 
the general domain population above. This amounts to an adoption rate of ~1.7%.

 p               count
 none            2715614
 quarantine      238584
 reject          726045

It is interesting that roughly half of those are not taking advantage of the 
reporting. Here are the counts for those with neither rua= nor ruf= in the 
DMARC records:

 p               count
 none            1092990
 quarantine      107767
 reject          307614

I do not have a definitive list of Fortune 500 domain names, but I compile a 
rolling list of domain names with most traffic using multiple sources, which 
currently holds ~1.8 million unique domain names.

The breakdown of DMARC records from that high-traffic population is shown 
below, and it amounts to about 6.3%.

 p               count
 none            79367
 quarantine      18094
 reject          15875

For completeness, here is the same report, counting only those that have 
neither rua= nor ruf= in the DMARC record. The ratio of silent p=quarantine and 
p=reject seems around half as in the case of the general population.

 p               count
 none            32561
 quarantine      4534
 reject          2760

It would seem that those high-traffic domains are ~5x more likely to adopt 
DMARC. To me, these numbers speak of thoughtful and deliberate deployment that 
outpaces the general domain name registrations.

That said, I cannot claim whether the list of high-traffic domains is actually 
a good proxy for the domain portfolio of the Fortune 500 companies.

Best regards

-lem

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
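
Added example, not part of any message in this thread: one way to produce the kind of per-policy tally described above (valid DMARC records by p=, and those with neither rua= nor ruf=), run over constructed sample records. The validity check is a simplification assumed for this example, and the function names and .example domains are made up.

```python
from collections import Counter

POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return a tag->value dict for a DMARC TXT record, or None if not valid.

    Simplified check (assumption of this example): v=DMARC1 must be the
    first tag and p= must be one of none/quarantine/reject.
    """
    tags = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue                      # tolerate a trailing ';'
        if "=" not in part:
            return None
        name, _, value = part.partition("=")
        tags.append((name.strip().lower(), value.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        return None                       # catches SPF and other TXT records
    record = dict(tags)
    if record.get("p", "").lower() not in POLICIES:
        return None
    record["p"] = record["p"].lower()
    return record

def survey(records):
    """Tally p= over valid records, and over 'silent' ones (no rua/ruf)."""
    by_policy, silent = Counter(), Counter()
    for txt in records.values():
        rec = parse_dmarc(txt)
        if rec is None:
            continue
        by_policy[rec["p"]] += 1
        if not rec.get("rua") and not rec.get("ruf"):
            silent[rec["p"]] += 1
    return by_policy, silent

# Constructed sample: domain -> TXT found at _dmarc.<domain> (not real data)
SAMPLE = {
    "a.example": "v=DMARC1; p=none; rua=mailto:agg@a.example",
    "b.example": "v=DMARC1; p=none",
    "c.example": "v=DMARC1; p=reject; rua=mailto:agg@c.example; ruf=mailto:f@c.example",
    "d.example": "v=DMARC1;p=Quarantine;pct=100",
    "e.example": "v=spf1 -all",           # SPF record, not DMARC
    "f.example": "p=reject; v=DMARC1",    # v= not first: counted as invalid
    "g.example": "v=DMARC1; p=reject;",
}
```

Calling survey(SAMPLE) returns the two counters; dividing the first counter's total by the number of domains surveyed gives the adoption rate.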

