Hector,

Answers inline below.

On Fri, Jun 16, 2023 at 11:30 AM Hector Santos <hsantos=
40isdg....@dmarc.ietf.org> wrote:

> Steve,
>
> Thanks for the inbound MX verification stats.
>
> Can I ask, does the umn.edu mx network of compliant SPF/DMARC servers
> honor the Reject and Quarantine?
>

Yes.  We only did this after a year or two of analysis on what would be
rejected.

> Meaning, are transactions with DMARC Rejects done at the SMTP DATA state
> with 55z SMTP responses? or the transactions are accepted (250 reply code)
> but then discarded (DMARC reject) or DMARC quarantined to a user's
> junk/spam box?  With either method, the end user does not see the DMARC
> failed message in their In-box?
>

Rejections are done at the SMTP DATA state with 55z SMTP responses.
Accepting and later sending NDN would of course make us a source of
joe-jobs.  End users therefore do not see these rejections.

>
> If so, considering only the DMARC results reject and quarantine in your
> table, I summed up 0.29% are rejected/quarantined. Would that be correct?
>

I did not include email that was rejected at the SMTP layer for other
reasons prior to the opendmarc milter running.

>
> On the other hand, in my implementation, SPF failure preempts DMARC by
> default - mail is rejected (55z).  If we considered only the SPF column
> with fail in your table, you would have 1.82% rejectable mail.
>

We do not consider SPF separately, only as part of DMARC evaluation.

>
> At the end of the day,  it's about the payoff with the empirical field
> data.  I believe in the idea of a PCN or BCN - Personal or Business
> Community Network.  We all have one. Our PCN or BCN are not all the same.
> Not all the ESPs are the same.
>
> Obviously, scale is one of the main factors, it changes your PCN/BCN but
> there is a commonality regardless of scale among all in the community small
> to large.  I see your low DMARC reject/quarantine rate and high DMARC
> passage rate as good markers of a well-run system.  It may reflect not
> getting a lot of junk mail and it would be interesting to know, with your
> volume, what percentage is actually DMARC passed spam.
>

Content filtering, including anti-virus, occurs after acceptance, so not
all accepted email is delivered and some that is delivered could still
result in being marked spam.

>
> My combined PCN/BCN incoming mail stats are collected daily since 2003 at
> https://winserver.com/spamstats
>
> The SPF failure rate was slow to grow over the years. As of this June 2023
> month, I am seeing a high 12.9% SPF rejection, but it has been normally
> ~5%.   This high may just represent some level of attack this month.
> Nevertheless, of the accepted mail, we have a relatively high spam mail
> rate.
>
> Thanks
>
> --
> Hector Santos, https://santronics.com https://winserver.com
>
>
>
> On 6/16/2023 10:24 AM, Steve Siirila wrote:
>
> Below is a table of SPF/DKIM/DMARC statuses over the past 30 days on our
> inbound MX servers (umn.edu and several *.umn.edu domains).  Note that we
> employ a DMARC policy of p=reject; also note that we have split our dmarc
> 'fail' status into three categories:
>
> *fail* indicates a DMARC failure where the sender domain had a policy of
> p=none
> *quarantine* indicates a DMARC failure where the sender domain had a
> policy of p=quarantine
> *reject* indicates a DMARC failure where the sender domain had a policy
> of p=reject
>
> | dkim | spf | dmarc | count | pct | description |
> | --- | --- | --- | --- | --- | --- |
> | pass | pass | pass | 52954883 | 73.62% | Accepted |
> | pass | pass | none | 11792134 | 16.40% | Accepted; no “From:” domain |
> | fail | pass | pass | 2529364 | 3.52% | Accepted: Passed based solely on SPF alignment |
> | pass | pass | fail | 1155823 | 1.61% | Accepted, but alignment failed for both SPF and DKIM |
> | fail | pass | none | 1131260 | 1.57% | Accepted; no “From:” domain |
> | pass | fail | pass | 991879 | 1.38% | Accepted: Passed based solely on DKIM alignment |
> | pass | none | pass | 200502 | 0.28% | Accepted: Passed based solely on DKIM alignment |
> | fail | pass | fail | 191296 | 0.27% | Accepted: Failed, no DMARC policy |
> | pass | none | none | 190378 | 0.26% | Accepted; no “From:” domain |
> | fail | none | fail | 134941 | 0.19% | Accepted: Failed, no DMARC policy |
> | fail | none | none | 134144 | 0.19% | Accepted; no “From:” domain |
> | pass | fail | none | 102386 | 0.14% | Accepted; no “From:” domain |
> | fail | fail | none | 88609 | 0.12% | Accepted; no “From:” domain |
> | fail | none | reject | 65894 | 0.09% | Rejected (missing or bad DKIM) |
> | fail | fail | fail | 58133 | 0.08% | Accepted: Failed, no DMARC policy |
> | fail | fail | reject | 49305 | 0.07% | Rejected (missing or bad DKIM) |
> | pass | pass | quarantine | 36596 | 0.05% | Marked as spam (lack of alignment) |
> | pass | none | fail | 16517 | 0.02% | Accepted: Failed, no DMARC policy |
> | pass | fail | fail | 15971 | 0.02% | Accepted: Failed, no DMARC policy |
> | pass | pass | reject | 15923 | 0.02% | Rejected (lack of alignment) |
> | fail | pass | quarantine | 14532 | 0.02% | Marked as spam (lack of alignment) |
> | fail | pass | reject | 13484 | 0.02% | Rejected (lack of alignment) |
> | pass | tempfail | pass | 10640 | 0.01% | Accepted: Passed based solely on DKIM alignment |
> | fail | tempfail | none | 10543 | 0.01% | Accepted; no “From:” domain |
> | fail | fail | quarantine | 9149 | 0.01% | Marked as spam |
> | fail | none | quarantine | 5437 | 0.01% | Marked as spam |
> | pass | tempfail | none | 1226 | 0.00% | Accepted; no “From:” domain |
> | pass | fail | reject | 1179 | 0.00% | Rejected (lack of alignment or DKIM signature match) |
> | pass | fail | quarantine | 926 | 0.00% | Marked as spam (lack of alignment) |
> | pass | none | reject | 630 | 0.00% | Rejected (lack of alignment or DKIM signature match) |
> | fail | tempfail | reject | 547 | 0.00% | Rejected (lack of alignment) |
> | fail | tempfail | fail | 537 | 0.00% | Accepted: Failed, no DMARC policy |
> | pass | none | quarantine | 265 | 0.00% | Marked as spam (lack of alignment) |
> | pass | tempfail | fail | 106 | 0.00% | Accepted: Failed, no DMARC policy |
> | pass | tempfail | reject | 10 | 0.00% | Rejected (lack of alignment or DKIM signature match) |
> | fail | tempfail | quarantine | 9 | 0.00% | Marked as spam |
> | pass | tempfail | quarantine | 1 | 0.00% | Marked as spam (lack of alignment) |
>
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
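
Added example, not part of the original thread or either poster's code: the quoted table's counts run through the two receiver policies discussed above, DMARC-only enforcement (reject/quarantine) and SPF failure handled before DMARC, to show how much of the SPF-fail mail DMARC itself passed. The function and key names are hypothetical; the counts are copied from the table.

```python
# Counts copied from the table quoted in the thread, as "dkim spf dmarc count"
# entries separated by ";". The dmarc column keeps the thread's split of
# failures into fail (p=none), quarantine and reject.
TABLE = """
pass pass pass 52954883; pass pass none 11792134; fail pass pass 2529364;
pass pass fail 1155823; fail pass none 1131260; pass fail pass 991879;
pass none pass 200502; fail pass fail 191296; pass none none 190378;
fail none fail 134941; fail none none 134144; pass fail none 102386;
fail fail none 88609; fail none reject 65894; fail fail fail 58133;
fail fail reject 49305; pass pass quarantine 36596; pass none fail 16517;
pass fail fail 15971; pass pass reject 15923; fail pass quarantine 14532;
fail pass reject 13484; pass tempfail pass 10640; fail tempfail none 10543;
fail fail quarantine 9149; fail none quarantine 5437; pass tempfail none 1226;
pass fail reject 1179; pass fail quarantine 926; pass none reject 630;
fail tempfail reject 547; fail tempfail fail 537; pass none quarantine 265;
pass tempfail fail 106; pass tempfail reject 10; fail tempfail quarantine 9;
pass tempfail quarantine 1
"""

def parse(table):
    """Turn the embedded text into (dkim, spf, dmarc, count) tuples."""
    rows = []
    for item in table.replace("\n", " ").split(";"):
        if item.strip():
            dkim, spf, dmarc, count = item.split()
            rows.append((dkim, spf, dmarc, int(count)))
    return rows

def compare_policies(rows):
    """Tally the same traffic under DMARC-only and SPF-first handling."""
    out = dict(total=0, dmarc_blocked=0, spf_fail=0, both=0, spf_fail_dmarc_pass=0)
    for _dkim, spf, dmarc, n in rows:
        blocked = dmarc in ("reject", "quarantine")  # rejected or marked as spam
        out["total"] += n
        out["dmarc_blocked"] += n * blocked
        out["spf_fail"] += n * (spf == "fail")  # refused by an SPF-first receiver
        out["both"] += n * (blocked and spf == "fail")
        out["spf_fail_dmarc_pass"] += n * (spf == "fail" and dmarc == "pass")
    return out

def pct(n, total):
    return round(100 * n / total, 2)

if __name__ == "__main__":
    r = compare_policies(parse(TABLE))
    for key in ("dmarc_blocked", "spf_fail", "both", "spf_fail_dmarc_pass"):
        print(f"{key:20} {r[key]:>9} {pct(r[key], r['total']):5.2f}%")
```

Working from the raw counts gives 0.30% and 1.83%, where adding the rounded pct column gives the 0.29% and 1.82% quoted in the thread. Most of the SPF-fail mail (991879 messages) is in the row that passed DMARC on DKIM alignment alone.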
