We analyzed DMARC report emails from the last 3 days across nearly 3,500 reporting organisations. Looking only at organisations that sent a substantial volume of reports during that period, just 9 were fully RFC compliant (GMX, WEB.DE & mail.com), while most major reporting organisations had at least one compliance issue.

The most common problems were surprisingly basic: missing required fields like "version", "envelope_from", and SPF "scope", invalid attachment filenames and media types, empty "<sp/>" elements, and invalid values like "sampled_out", "unknown", "hardfail", and even "Pass" with a capital P.

Some large providers scored well but still had edge case issues. Comcast, Microsoft, and Fastmail were close, but not perfect.

Others performed far worse. Yahoo, Google, Amazon SES, and Mimecast all generated large volumes of non-compliant reports.

At DMARC scale, small XML mistakes create real interoperability problems. They break parsers, cause data loss, and force receiving platforms to build endless workarounds.

We’ve already contacted several organisations and shared examples of the issues we found. The goal is better interoperability across the email ecosystem. Until then, DMARC platforms like URIports will keep doing their unofficial second job: translating creative interpretations of the RFC into something that actually parses 😄

More details: https://www.uriports.com/blog/dmarc-reports-ietf-rfc-compliance/

#DMARC #EmailSecurity #EmailAuthentication #SPF #DKIM #CyberSecurity #RFC7489 #URIports

A Major Mail Provider Demonstrate They Likely Do Not Understand Mail At All https://nxdomain.no/~peter/they_do_not_understand_mail_at_all.html (tracked https://bsdly.blogspot.com/2026/01/a-major-mail-provider-demonstrate-they.html)

#greytrapping #spam, #antispam #greylisting #blocklist, #openbsd #freebsd #smtp #email #SMTP, #contentfiltering #SPF #DMARC #security #networking

#dmarc