Re: [dmarc-ietf] Aggregate Report Statistics
What is your point / the information you find relevant here to WGLC of the bis project? We do many times this volume in a single day and are happy to share top line stats.

Seth

-mobile

On Wed, Mar 27, 2024 at 18:08 Matthäus Wander wrote:

> Here is an evaluation of 84k aggregate reports in the timespan of
> 2020-2024.
>
> 481 reporting organizations
>     derived from 896 distinct strings
> ---+---
>  44 use Organization Names ("Example")
>     with min=1, median=1.0, mean=1.11, max=3 distinct names
> 344 use Organizational Domains only ("example.net")
>     with min=1, median=1.0, mean=1.05, max=10 distinct domains
>  93 use Hostnames and Domains ("mx1.example.net")
>     with min=1, median=2, mean=5.23, max=315 distinct hosts
> ---+---
> 364 report version
>   2 report version__other
>   0 report meta_error
> 450 report sp
> 340 report sp__empty
>  39 report fo__v1
>   0 report fo__v1empty
>  69 report override_reason
>  21 report envelope_to
> 354 report envelope_from__v1
> 119 report envelope_from__v1empty
>  18 report envelope_from__v1missing
>   3 report dkim_selector__empty
>  94 report dkim_selector__missing
>  18 report dkim_result__none
>  19 report dkim_human_result
>  17 report dkim_human_result__copy
> 357 report spf_scope__v1
> ---+---
>
> Human-comprehensible result:
> - 76% (364/481) of reporters announce the use of the RFC 7489 1.0 schema.
> - No one seems to use below .
> - 71% (340/481) report an empty instead of the default value.
> - 11% (39/364) of 1.0 reporters include the element, although it's actually mandatory. Draft schema does not have .
>
> :
> - 4% (21/481) use .
> - 97% (351/364) of 1.0 reporters use . Draft schema does not have .
> - 33% (119/364) have used an empty (i.e., reported a bounce) at least once.
> - 5% (18/364) have omitted at least once, even though it is mandatory in 1.0.
> - The remaining 62% either did not receive a bounce or do not report bounces.
>
> :
> - 20% (94/481) have omitted the optional in a DKIM result at least once.
> - 4% (18/481) have reported a DKIM none, even though they could've instead omitted the element altogether.
> - 4% (19/481) have used the DKIM , but only 2 used it for extra information that was not just a copy of .
>
> Regards,
> Matt
>
> ___
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
[dmarc-ietf] Aggregate Report Statistics
Here is an evaluation of 84k aggregate reports in the timespan of 2020-2024.

481 reporting organizations
    derived from 896 distinct strings
---+---
 44 use Organization Names ("Example")
    with min=1, median=1.0, mean=1.11, max=3 distinct names
344 use Organizational Domains only ("example.net")
    with min=1, median=1.0, mean=1.05, max=10 distinct domains
 93 use Hostnames and Domains ("mx1.example.net")
    with min=1, median=2, mean=5.23, max=315 distinct hosts
---+---
364 report version
  2 report version__other
  0 report meta_error
450 report sp
340 report sp__empty
 39 report fo__v1
  0 report fo__v1empty
 69 report override_reason
 21 report envelope_to
354 report envelope_from__v1
119 report envelope_from__v1empty
 18 report envelope_from__v1missing
  3 report dkim_selector__empty
 94 report dkim_selector__missing
 18 report dkim_result__none
 19 report dkim_human_result
 17 report dkim_human_result__copy
357 report spf_scope__v1
---+---

Human-comprehensible result:
- 76% (364/481) of reporters announce the use of the RFC 7489 1.0 schema.
- No one seems to use below .
- 71% (340/481) report an empty instead of the default value.
- 11% (39/364) of 1.0 reporters include the element, although it's actually mandatory. Draft schema does not have .

:
- 4% (21/481) use .
- 97% (351/364) of 1.0 reporters use . Draft schema does not have .
- 33% (119/364) have used an empty (i.e., reported a bounce) at least once.
- 5% (18/364) have omitted at least once, even though it is mandatory in 1.0.
- The remaining 62% either did not receive a bounce or do not report bounces.

:
- 20% (94/481) have omitted the optional in a DKIM result at least once.
- 4% (18/481) have reported a DKIM none, even though they could've instead omitted the element altogether.
- 4% (19/481) have used the DKIM , but only 2 used it for extra information that was not just a copy of .

Regards,
Matt
Re: [dmarc-ietf] Fwd: [Technical Errata Reported] RFC7489 (7865)
Alessandro Vesely wrote on 2024-03-27 10:00:

> I changed that to /[0-9a-fA-F.:]{2,45}/, to allow "::", and inserted it in dmarc-xml-0.2-short.xsd[*]. At the same time, I added a pattern for "::1.2.3.4" in dmarc-xml-0.2.xsd[†].

I can live with either of these variants.

> I'm not clear what that schema will be used for, if at all. Personally, the only reason why I'd prefer the long regex is because it might have some value by itself. The short one is cleaner and more grokkable. The wrong one has none of those qualities.

I see the following use cases for the schema (sorted from most to least important):

1) Provide a precise description to implementers (of both report senders and receivers) of what a report should look like.
2) Allow report senders to verify the correctness of their implementation.
3) Allow report receivers to perform input validation before ingesting a report.

Regards,
Matt
Re: [dmarc-ietf] Fwd: [Technical Errata Reported] RFC7489 (7865)
On Tue 26/Mar/2024 21:57:46 +0100 Matthäus Wander wrote:

> Alessandro Vesely wrote on 2024-03-26 19:30:
>
>> No. To take several years and come up with a syntax which does not cover all valid addresses is a sign of incompetence that this WG doesn't deserve, IMHO. What do others think?
>>
>> Let's rather switch to /[0-9a-fA-F.:]+/. Terse and correct.
>
> I'm in favor of a brief and coarse regex, which is suitable for detecting obvious junk. The above proposal looks good enough to me. I wouldn't mind adding an outer bounds check, e.g.:
>
> [0-9a-fA-F.:]{3,45}

I changed that to /[0-9a-fA-F.:]{2,45}/, to allow "::", and inserted it in dmarc-xml-0.2-short.xsd[*]. At the same time, I added a pattern for "::1.2.3.4" in dmarc-xml-0.2.xsd[†]. I tested both against the list of IPs that I attach. (xmllint allows breaking a pattern by backslash+newline, svalidate and xmlstarlet don't. However, publishing on IETF XML Registry shouldn't have line length limitations.)

> If an implementer sees merit in a comprehensive syntax check, they can add one to their software.

I'm not clear what that schema will be used for, if at all. Personally, the only reason why I'd prefer the long regex is because it might have some value by itself. The short one is cleaner and more grokkable. The wrong one has none of those qualities.

Best
Ale
--
[*] https://github.com/alevesely/draft-ietf-dmarc-aggregate-reporting/blob/main/dmarc-xml-0.2-short.xsd
[†] https://github.com/alevesely/draft-ietf-dmarc-aggregate-reporting/blob/main/dmarc-xml-0.2.xsd
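
The trade-off discussed in this thread, shown as an added example (not part of the original messages or of the draft's schema files): the short pattern only filters obvious junk, so a report receiver that wants a comprehensive syntax check layers one on top in software. The function names are hypothetical, Python's `ipaddress` module stands in for the comprehensive check, and the sample values are constructed for the example.

```python
import ipaddress
import re


def coarse_ok(value: str, min_len: int = 2) -> bool:
    """Short pattern from the thread: [0-9a-fA-F.:]{min_len,45}.

    XSD patterns are implicitly anchored, so fullmatch() is the equivalent.
    """
    return re.fullmatch(r"[0-9a-fA-F.:]{%d,45}" % min_len, value) is not None


def strict_ok(value: str) -> bool:
    """Comprehensive syntax check, done in software rather than in the schema."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def classify(value: str) -> str:
    """Layered validation a report receiver could apply to an IP address field."""
    if not coarse_ok(value):
        return "rejected-by-pattern"   # wrong alphabet or length: obvious junk
    if not strict_ok(value):
        return "passes-pattern-only"   # right alphabet, but not an address
    return "valid"


# Sample values constructed for this example.
SAMPLES = [
    "::",                                             # shortest valid IPv6 text
    "192.0.2.1",
    "::13.1.68.3",                                    # IPv4-embedded IPv6
    "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255",  # 45 characters
    "2001:db8::::::1",                                # more than one "::"
    "dead.beef",                                      # hex digits and a dot
    "not-an-ip",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:46} {classify(sample)}")
```

With the lower bound set to 3, as first proposed in the thread, `coarse_ok("::", min_len=3)` is false, which is why the bound was lowered to 2.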