Re: [dmarc-ietf] Aggregate Report Statistics

2024-03-27 Thread Seth Blank
What is your point / the information you find relevant here to WGLC of the
bis project?

We do many times this volume in a single day and are happy to share top
line stats.

Seth

-mobile


On Wed, Mar 27, 2024 at 18:08 Matthäus Wander  wrote:

> Here is an evaluation of 84k aggregate reports in the timespan of
> 2020-2024.
>
>   481 reporting organizations
>       derived from 896 distinct  strings
>   ---+---
>    44 use Organization Names ("Example")
>       with min=1, median=1.0, mean=1.11, max=3 distinct names
>   344 use Organizational Domains only ("example.net")
>       with min=1, median=1.0, mean=1.05, max=10 distinct domains
>    93 use Hostnames and Domains ("mx1.example.net")
>       with min=1, median=2, mean=5.23, max=315 distinct hosts
>   ---+---
>   364 report version
>     2 report version__other
>     0 report meta_error
>   450 report sp
>   340 report sp__empty
>    39 report fo__v1
>     0 report fo__v1empty
>    69 report override_reason
>    21 report envelope_to
>   354 report envelope_from__v1
>   119 report envelope_from__v1empty
>    18 report envelope_from__v1missing
>     3 report dkim_selector__empty
>    94 report dkim_selector__missing
>    18 report dkim_result__none
>    19 report dkim_human_result
>    17 report dkim_human_result__copy
>   357 report spf_scope__v1
>   ---+---
> Human-comprehensible result:
> - 76% (364/481) of reporters announce the use of the RFC 7489
> 1.0 schema.
> - No one seems to use  below .
> - 71% (340/481) report an empty  instead of the default value.
> - 11% (39/364) of 1.0 reporters include the  element, although it's
> actually mandatory. Draft schema does not have .
>
> :
> -  4% (21/481) use .
> - 97% (351/364) of 1.0 reporters use . Draft schema does
> not have .
> - 33% (119/364) have used an empty  (i.e., reported a
> bounce) at least once.
> -  5% (18/364) have omitted  at least once, even though
> it is mandatory in 1.0.
> - The remaining 62% either did not receive a bounce or do not report
> bounces.
>
> :
> - 20% (94/481) have omitted the optional  in a DKIM result at
> least once.
> -  4% (18/481) have reported a DKIM none, even though
> they could've instead omitted the  element altogether.
> -  4% (19/481) have used the DKIM , but only 2 used it for
> extra information that was not just a copy of .
>
> Regards,
> Matt
>
> ___
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>


[dmarc-ietf] Aggregate Report Statistics

2024-03-27 Thread Matthäus Wander

Here is an evaluation of 84k aggregate reports in the timespan of 2020-2024.

  481 reporting organizations
      derived from 896 distinct  strings
  ---+---
   44 use Organization Names ("Example")
      with min=1, median=1.0, mean=1.11, max=3 distinct names
  344 use Organizational Domains only ("example.net")
      with min=1, median=1.0, mean=1.05, max=10 distinct domains
   93 use Hostnames and Domains ("mx1.example.net")
      with min=1, median=2, mean=5.23, max=315 distinct hosts
  ---+---
  364 report version
    2 report version__other
    0 report meta_error
  450 report sp
  340 report sp__empty
   39 report fo__v1
    0 report fo__v1empty
   69 report override_reason
   21 report envelope_to
  354 report envelope_from__v1
  119 report envelope_from__v1empty
   18 report envelope_from__v1missing
    3 report dkim_selector__empty
   94 report dkim_selector__missing
   18 report dkim_result__none
   19 report dkim_human_result
   17 report dkim_human_result__copy
  357 report spf_scope__v1
  ---+---
Human-comprehensible result:
- 76% (364/481) of reporters announce the use of the RFC 7489 
1.0 schema.

- No one seems to use  below .
- 71% (340/481) report an empty  instead of the default value.
- 11% (39/364) of 1.0 reporters include the  element, although it's 
actually mandatory. Draft schema does not have .


:
-  4% (21/481) use .
- 97% (351/364) of 1.0 reporters use . Draft schema does 
not have .
- 33% (119/364) have used an empty  (i.e., reported a 
bounce) at least once.
-  5% (18/364) have omitted  at least once, even though 
it is mandatory in 1.0.
- The remaining 62% either did not receive a bounce or do not report 
bounces.


:
- 20% (94/481) have omitted the optional  in a DKIM result at 
least once.
-  4% (18/481) have reported a DKIM none, even though
they could've instead omitted the  element altogether.
-  4% (19/481) have used the DKIM , but only 2 used it for 
extra information that was not just a copy of .


Regards,
Matt



Re: [dmarc-ietf] Fwd: [Technical Errata Reported] RFC7489 (7865)

2024-03-27 Thread Matthäus Wander

Alessandro Vesely wrote on 2024-03-27 10:00:
> I changed that to /[0-9a-fA-F.:]{2,45}/, to allow "::", and inserted it
> in dmarc-xml-0.2-short.xsd[*].  At the same time, I added a pattern for
> "::1.2.3.4" in dmarc-xml-0.2.xsd[†].

I can live with either of these variants.

> I'm not clear what that schema will be used for, if at all.  Personally,
> the only reason why I'd prefer the long regex is because it might have
> some value by itself.  The short one is cleaner and more grokkable.  The
> wrong one has none of those qualities.


I see the following use cases for the schema (sorted from most to least 
important):


1) Provide a precise description to implementers (of both report senders
and receivers) what a report should look like.


2) Allow report senders to verify the correctness of their implementation.

3) Allow report receivers to perform input validation before ingesting a 
report.


Regards,
Matt



Re: [dmarc-ietf] Fwd: [Technical Errata Reported] RFC7489 (7865)

2024-03-27 Thread Alessandro Vesely

On Tue 26/Mar/2024 21:57:46 +0100 Matthäus Wander wrote:

> Alessandro Vesely wrote on 2024-03-26 19:30:
>> No.  To take several years and come up with a syntax which does not cover all
>> valid addresses is a sign of incompetence that this WG doesn't deserve, IMHO.
>> What do others think?
>>
>> Let's rather switch to /[0-9a-fA-F.:]+/.  Terse and correct.
>
> I'm in favor of a brief and coarse regex, which is suitable for detecting
> obvious junk. The above proposal looks good enough to me. I wouldn't mind
> adding an outer bounds check, e.g.: [0-9a-fA-F.:]{3,45}

I changed that to /[0-9a-fA-F.:]{2,45}/, to allow "::", and inserted it in
dmarc-xml-0.2-short.xsd[*].  At the same time, I added a pattern for "::1.2.3.4" in
dmarc-xml-0.2.xsd[†].  I tested both against the list of IPs that I attach.  (xmllint allows
breaking a pattern by backslash+newline, svalidate and xmlstarlet don't.  However, publishing on
IETF XML Registry shouldn't have line length limitations.)

> If an implementer sees merit in a comprehensive syntax check, they can add one
> to their software.

I'm not clear what that schema will be used for, if at all.  Personally, the
only reason why I'd prefer the long regex is because it might have some value
by itself.  The short one is cleaner and more grokkable.  The wrong one has
none of those qualities.


Best
Ale

--
[*] 
https://github.com/alevesely/draft-ietf-dmarc-aggregate-reporting/blob/main/dmarc-xml-0.2-short.xsd
[†] 
https://github.com/alevesely/draft-ietf-dmarc-aggregate-reporting/blob/main/dmarc-xml-0.2.xsd
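
An added example, not part of the thread or of the draft's schema files: it compares the coarse pattern /[0-9a-fA-F.:]{2,45}/ discussed above with a full parse, for the "input validation before ingesting a report" use case. The helper names and the sample values are assumptions made for this illustration.

```python
import ipaddress
import re

# Coarse pattern quoted in the thread. XSD patterns are implicitly anchored,
# so re.fullmatch() is the equivalent check outside a schema validator.
COARSE = re.compile(r"[0-9a-fA-F.:]{2,45}")

def coarse_ok(value):
    """Cheap junk filter: right alphabet and length, nothing more."""
    return COARSE.fullmatch(value) is not None

def strict_parse(value):
    """Full syntax check; returns an ipaddress object or None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def validate_source_ip(value):
    """Hypothetical receiver-side helper: filter, parse, canonicalise.

    Returns the compressed lower-case form to store, or None to reject.
    """
    if not coarse_ok(value):
        return None
    addr = strict_parse(value)
    return addr.compressed if addr is not None else None

def pattern_only_accepts(samples):
    """Values the coarse pattern lets through but a real parser rejects."""
    return [s for s in samples if coarse_ok(s) and strict_parse(s) is None]

# Sample values constructed for this example, not taken from real reports.
SAMPLES = [
    "192.0.2.1",
    "2001:0DB8:0:0:0:0:0:1",
    "::",
    "2001:db8::::::1",       # too many colons
    "a.b.c.d",               # hex letters and dots only
    "192.0.2.1<x>",          # characters outside the alphabet
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:28} coarse={coarse_ok(s)!s:5} stored={validate_source_ip(s)}")
    print("pattern-only accepts:", pattern_only_accepts(SAMPLES))
```

A receiver that relies on schema validation with the short pattern still needs the parse step before using the value as a key or in a query; storing the canonical form also collapses the many spellings of one IPv6 address.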






