On Tuesday, June 13, 2023 5:33:50 PM EDT Tero Kivinen wrote: > Barry Leiba writes: > > > DKIM only: ~99.5% > > > DKIM + SPF: ~100% > > > SPF only: ~100% > > > > That's interesting and disturbing if it remains consistent. > > The statistics I have are quite different. The failure rate is much > bigger both in DKIM and SPF. > > Following statistics is random subset of emails going through iki.fi > system, from last 30 days, consisting bit less than 4 million emails. > Iki.fi is email forwarding service, so about 90% of those emails will > fail SPF checks after iki.fi sends them forward. DKIM will go through > unmodified, and we do not modify normal messages (spam messages might > get tagged as spam depending on the members configuration), so 85.75% > of emails will still have valid DKIM signature after passing iki.
Thanks. Sorry for the late reply, I've been tied up with some other work the last couple of days. I'm not surprised it's radically different as it's a differently scoped data set. As I mentioned up-thread these were for directly connected mail deliveries, so the normal DMARC failure mechanisms weren't relevant. Additionally, these were mail servers for domains which were actively working on having a complete/correct DKIM/SPF configuration to support DMARC, so not average in that manner either. Since all we had were statistics based on DMARC feedback, we were never able to explore what was behind the DKIM failure rate. Often in large entities, it's the compartmentalization and need for coordination that turns out to cause many of the problems. I've worked with companies on DMARC deployments where helping them update or develop relevant internal policy, procedures, and processes ended up being a significant fraction of the effort. SPF, DKIM, and DMARC introduce a requirement for a more centralized and complete view of outbound architecture than has historically been needed. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
