[Top] [All Lists]

Re: [ietf-smtp] DANE penetration for MTA/MTA interactions

2021-03-25 08:39:46
Over the course of 24hrs, we have:

* About 55% using STARTTLS or None
* 35% using MTA-STS (regardless of policy)
* 10% using DANE

A few notes about this.  DANE is higher for us due to an MX which covers 
several internal domains also being protected with DANE.  Without that MX in 
the results, DANE is about 0.5%.  Note that we send mostly US-based P2P mail, 
largely going to the three larger providers (all of which are using some level 
of MTA-STS, though I find it curious that has MTA-STS, but 
does not).  Our largest DANE destinations are Protonmail, 1and1/1und1, and US 
Gov't entities.  Over the past two years, the raw volume for DANE deliveries 
has nearly tripled.  FWIW, MTA-STS mode is about 75% enforce/25% testing.  Of 
the TLSRPT reports (not a huge number) we have received over the past 15d, 
they've all referenced our MTA-STS as the controlling policy type.

Be good to get numbers from someone in Europe (NL or DE perhaps) and see how 
they compare.  I'd expect they have a bit more DANE than we do.

Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy

-----Original Message-----
From: ietf-smtp <ietf-smtp-bounces(_at_)ietf(_dot_)org> On Behalf Of Dave 
Sent: Wednesday, March 24, 2021 5:24 PM
To: Brotman, Alex <Alex_Brotman(_at_)comcast(_dot_)com>; 
dcrocker(_at_)bbiw(_dot_)net; ietf-
smtp <ietf-smtp(_at_)ietf(_dot_)org>
Subject: Re: [ietf-smtp] DANE penetration for MTA/MTA interactions

On 3/24/2021 12:40 PM, Brotman, Alex wrote:
I have previously gathered metrics for our outbound sending using DANE
(I've presented at M3AAWG about this), however, we can't know how much
inbound mail is using our DANE records.  If you're interested in the outbound
numbers, I can send those to you.

Anything you consider credible.  And I suspect percentage is more useful
than absolute numbers.  And only rough approximations.  This is more like a
casual market survey than anything more serious.

Also, any sense of change over time could be interesting.



Dave Crocker
Brandenburg InternetWorking

ietf-smtp mailing list

ietf-smtp mailing list