Re: [dmarc-ietf] [EXTERNAL] DMARC XML grammar

Mon, 17 May 2021 03:37:31 -0700 

Here's some data that might be helpful to consider.
Data comprises about a year of reports for one domain.

  229 reporting organizations
      derived from 369 distinct <org_name> strings
  ---+---
   20 use Organization Name ("Example")
  161 use Organizational Domain only ("example.net")
   48 use Hostnames ("mx1.example.net", ...)
        with min=1, median=1.0, mean=3.92, max=116 distinct hostnames
  ---+---
  193 report version
    0 report meta_error
  227 report sp
  179 report sp__empty
   20 report fo__v1
    0 report fo__v1empty
    6 report override_reason
   12 report envelope_to
  191 report envelope_from__v1
   41 report envelope_from__v1empty
    6 report envelope_from__v1missing
    0 report dkim_selector__empty
   25 report dkim_selector__missing
    7 report dkim_result__none
   10 report dkim_human_result
    9 report dkim_human_result__copy
  191 report spf_scope__v1

Human-comprehensible result:
- 84% (193/229) of reporters announce the use of the RFC 7489
<version>1.0</version> schema.
- No one uses <error> below <report_metadata>.
- 78% (179/229) report an empty <sp></sp> instead of the default value.
- 10% (20/193) of 1.0 reporters include the <fo> element, although it's
actually mandatory. Draft schema does not have <fo>.

<identifiers>:
-  5% (12/229) use <envelope_to>.
- 99% (191/193) of 1.0 reporters use <envelope_from>. Draft schema does
not have <envelope_from>.
- 21% (41/193) have used an empty <envelope_from> (i.e., reported a
bounce) at least once.
-  3% (6/193) have omitted <envelope_from> at least once, even though
it is mandatory in 1.0.
- The remaining 75% either did not receive a bounce or do not report
bounces.

<dkim>:
- 11% (25/229) have omitted the optional <selector> in a DKIM result.
-  3% (7/229) have reported a DKIM <result>none</result>, even though
they could've instead omit the <dkim> element altogether.
-  4% (10/229) have used the <dkim_human_result>, but only 1 used it
for extra information that was not just a copy of <result>.

Regards,
Matt

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to