On Tue 08/Oct/2024 02:07:00 +0200 Steven M Jones wrote:
On 9/30/24 10:53, Alessandro Vesely wrote:
On Sun 29/Sep/2024 23:16:46 +0200 Murray S. Kucherawy wrote:
In Section 4.7, just out of curiosity, how much have we observed use of the
"fo" tag in the wild?
...

In fact, RFCs 6651/2 provide their own ra= tags to specify a reporting address, so if fo= only uses "d" and "s" values, it would make sense to set fo= without ruf=.

Requiring ruf= makes sense only if the only reports considered are those described in dmarc-failure-reporting.


The following figures are for validly-formatted DMARC policies observed in DNS before and after June 2024*, that included the "fo=" tag with a value specified in RFC7489.

 "fo=" Tag     Total Records   Records w/o "ruf" tag
 fo=1              6,753,358                 442,976
 fo=0                563,852                 347,126
 fo=s                 17,787                   3,237
 fo=d                  5,885                     691

The total (7,340,882) is a bit less than one third of all validly-formatted DMARC policies observed in DNS before and after June 2024.


Nice one Steve, thank you.

I'd guess those records on the right column are from operators mistakenly forgetting to put the address where records are to be sent. A way to prove it would be to check how many of the 3,237 fo=s domains w/o ruf= have a ra= tag in their SPF records, or how many of the 691 fo=d domains w/o ruf= do publish a TXT record containing ra= in their _report._domainkey subdomain. I'd guess none.

Failure reports may be caused by SPF or DKIM failures. Their formats differ in that SPF-DNS is only required for SPF failure, while DKIM-Domain, DKIM-Identity, DKIM-Selector, DKIM-Canonicalized-Header and DKIM-Canonicalized-Body only make sense in case of DKIM failure. Thus it makes sense to call them "SPF failure report" and "DKIM failure report" in the DMARC context, referring to the formats which are defined in such context.


Best
Ale
--








_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to