Hello, We're currently building DMARC support and before we go live, I am looking for some numbers around known cases of DMARC quarantining/rejecting legitimate email. Here are cases I can think of:
1. Case 1 - sender publishes DMARC and only authenticates with SPF, user auto-forwards their email Example: bulk sender -> Hotmail -> Gmail This would pass DMARC at Hotmail (since bulk sender publishes SPF) but fail at Gmail (since Gmail will see Hotmail's IP but bulk sender in the 5321.MailFrom) According to Google in a blog post - http://googleonlinesecurity.blogspot.com/2013/12/internet-wide-efforts-to-fight-email.html, around 75% of messages authenticate with DKIM and SPF. 15% authenticate with SPF only, 2% with DKIM only and about 9% no authentication. The only ones that would be a problem in Case 1 is SPF-only, and only those that publish DMARC records with p=quarantine/none. Does anyone know how much email this might be? 2. Case 2 - discussion/mailing lists. This is a known limitation of DMARC and there are workarounds, but if no one does anything, the day after we turn on DMARC how much email would this affect? Does anyone have numbers on how much this would affect? 3. Case 3 - anything else? Possibly broken DKIM signatures? Based upon threads, DKIM seems to pass anywhere between 10% and 90% of the time. Seems to be that the higher number is more realistic since if your DKIM is breaking, you'd want to know about it. This would be especially true for those who publish DMARC. Thanks. -- Terry _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
