> Robin said..
> > Of all email-based domain control validation we perform those email
> > addresses (on the same domain being applied for) are used as follows:
> >
> > admin@              33.9%
> > hostmaster@         7.8%
> > webmaster@          7.6%
> > administrator@      7.5%
> > postmaster@         4.5%
> 
Gerv said..
> I'm sure there's an obvious reason, but why doesn't this add up to 100%?
> Is it because the other validations use an email address sourced from
> WHOIS?
Yes, exactly so.

Of all email-based DCV we do, 69.4% use an email address on the same
domain as the certificate is being purchased for (allowing for pruning,
too).
Of those 69.4%, most use one of those 5 email addresses mentioned in the
BRs as detailed above which add up to 61.3% of the total.
The difference, being (69.4% - 61.3% =) 8.1% of the total use an email
address on the same domain as the certificate but not one of the above
5.  This is only permitted when that email address is sourced from
WHOIS.
#6 on the list is info@ with ~0.5%

The rest, being (100% - 69.4% =) 30.6% use email addresses on a
different domain, and these are only permitted when that email address
is sourced from WHOIS.

> 
> Do the above percentages include some where the email is sourced from
> WHOIS but happens to match the permitted five?
I think they must include some, yes.
I'll see if we have some data to give a ballpark figure as to how often
that is the case.

Robin

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
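
The three categories described in the message above, written as a policy check (an added example, not part of the original message and not any CA's code). The function names, the sample requests and the pruning rule (drop leftmost labels down to two) are assumptions made for illustration.

```python
from collections import Counter

# The five same-domain local parts listed in the message above.
BR_LOCAL_PARTS = {"admin", "administrator", "webmaster", "hostmaster", "postmaster"}

def pruned_domains(fqdn, min_labels=2):
    # Assumption: pruning drops leftmost labels down to min_labels labels;
    # a production check would stop at the registrable domain instead.
    labels = fqdn.lower().rstrip(".").split(".")
    last = max(len(labels) - min_labels, 0)
    return [".".join(labels[i:]) for i in range(last + 1)]

def classify(cert_domain, email, from_whois):
    """Return (category, permitted) for one email-based DCV request."""
    local, sep, domain = email.lower().rpartition("@")
    if not sep or not local or not domain:
        return ("malformed", False)
    same_domain = domain in pruned_domains(cert_domain)
    if same_domain and local in BR_LOCAL_PARTS:
        # Counted here even when the address also happens to be in WHOIS.
        return ("same domain, one of the five", True)
    if same_domain:
        return ("same domain, other address", from_whois)
    return ("different domain", from_whois)

def tally(requests):
    counts, rejected = Counter(), []
    for cert_domain, email, from_whois in requests:
        category, permitted = classify(cert_domain, email, from_whois)
        if permitted:
            counts[category] += 1
        else:
            rejected.append(email)
    return counts, rejected

# Constructed sample: (domain applied for, validation address, sourced from WHOIS?)
SAMPLE = [
    ("www.example.com", "admin@example.com", False),
    ("shop.example.com", "hostmaster@shop.example.com", False),
    ("example.com", "postmaster@example.com", True),
    ("example.com", "info@example.com", True),
    ("example.com", "info@example.com", False),
    ("example.com", "domains@registrar.example", True),
    ("example.com", "admin@other.example", False),
]

if __name__ == "__main__":
    counts, rejected = tally(SAMPLE)
    print(dict(counts), "rejected:", rejected)
```
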