On Fri 21/Jul/2023 09:35:32 +0200 OLIVIER HUREAU wrote:
Instead, I see language that drives people to fixate on the 1% of traffic
that has a DMARC policy with p=reject.
Indeed: I caution everyone about making assumptions based on what we
think we know, and extending those assumptions to the entire Internet.
There are things we can study (by, for example, doing DNS queries and
analyzing results), and there are things about which we just say, "I
don't know anyone who does [or doesn't do] this, so that must be the
case overall." The latter is hazardous.
According to September 2020 scans
(https://ieeexplore.ieee.org/abstract/document/9375477/
41% of them have p=reject, 9.3% have p=quarantine, and 39.6% have p=none.
To quote the whole paragraph:
Regarding DMARC, only 310,185 out of 236 million do-
mains have DMARC corresponding to approximately 0.13%
of the population. For the domains with a DMARC rule,
41% of them have p=reject , 9.3% have p=quarantine ,
and 39.6% have p=none rule. These figures are also far
different from the 5.1% of the domain names in the Alexa top
1M domains with DMARC rules [9], which again confirms
that more popular domain names deploy email anti-spoofing
schemes on a wider scale.
Granted we don't (and cannot) know reality as a whole. Efforts to achieve some
knowledge are welcome, though.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
