IETF Logo Mail Archive

Re: [dmarc-ietf] Some Proposed Language for a New pct Tag Defintion

Douglas Foster <dougfoster.emailstandards@gmail.com> Sat, 31 July 2021 23:47 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDD9A3A20D2 for <dmarc@ietfa.amsl.com>; Sat, 31 Jul 2021 16:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OJw5semBrG7S for <dmarc@ietfa.amsl.com>; Sat, 31 Jul 2021 16:47:23 -0700 (PDT)
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98CDF3A20D1 for <dmarc@ietf.org>; Sat, 31 Jul 2021 16:47:23 -0700 (PDT)
Received: by mail-ot1-x32a.google.com with SMTP id 61-20020a9d0d430000b02903eabfc221a9so13831745oti.0 for <dmarc@ietf.org>; Sat, 31 Jul 2021 16:47:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=xrCp0G26yAZK3pxvojQd4aB/13nzLogHid3xZmZhBE0=; b=CMZn3QGo0oO5oXHtykyqpYzr3x1x0sWIiHkNdT7hpWfKJu8L0c1b2thlVrE2mquCYV mU1lLpRlM+Nwc2Y2hfx54nZN/Lp6lwq0cYvMv4HTZWWmT7sRR2Vit2EPF8xcCL9a2UnQ r39o8BgQPnqFyeA4kLgPCu/t0V9kXYJCK+Sz4coe0nW4bYDkjJk9J0b6P0FcDMZ8r4ML VtbozuRH/E8bzy+ioNCbldGEz2NDtUYeARSprUkHI+i/ytOazv3ajN22IyTD3Lf0FWCw F5jhXgrM5tBXbMp5VLP8JTu/f5rAwT/qSlCrKq6CBAt4kLKsIPUBGU8EYnlicEYRcNXo SAuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=xrCp0G26yAZK3pxvojQd4aB/13nzLogHid3xZmZhBE0=; b=ZQdjJ2nlO4QWZGAn9Wi8r6ObLimEgrh6GXiZ2H83U7SLZ+dNdVFO/Qx0587RPwDs6+ 7yZZ9ciJfGY3gtsLz+m5CCX44+/oMqRSS3s5T+hpHAEwKhBiwU/7tcEGF1J5QFq3hsL1 5Q/X00GCJLFcVGvmNMn9bseJJWn6xDyEe3IB7CxM+Tb90RRk0F+yOCwsKduE6GWXoi73 0VJrnreFv67UhRLd3a/hMDxHmADaSrUcMzgotRuDWquEYybGdxnNuOYiNolX8tdm3epT UB2jEfE2P3M5zXJOg0wiTUCov1JGZlND57jL+CiZOuo9dLLDc+BdA/ECVTtU0vX9YNpD 0QHg==
X-Gm-Message-State: AOAM533C9+U1gr/3PDgeemKTcvTpUliHQWnUwKdBl4hBovMZAJCxEcns zzBPf3Xx0XEjkx4yBPgGObvEbmi14cZyFYDhvMNUkWnvFjE=
X-Google-Smtp-Source: ABdhPJz3KguDwDlKTvpUSB1G1Zxrj2wvTTXJN5571Am8isRjTFr2CahUjnWur9b/JDIaxJH6G97WdU+Z+/rYgqZ1Dno=
X-Received: by 2002:a05:6830:4429:: with SMTP id q41mr7052956otv.284.1627775242159; Sat, 31 Jul 2021 16:47:22 -0700 (PDT)
MIME-Version: 1.0
References: <CAHej_8m4W_k_r9SV6reNJA7aMGFCkK451tjvQGtrPNwRtJwC8A@mail.gmail.com> <6e96de62-f387-bb42-a5da-0b7f74674a02@tana.it>
In-Reply-To: <6e96de62-f387-bb42-a5da-0b7f74674a02@tana.it>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sat, 31 Jul 2021 19:47:12 -0400
Message-ID: <CAH48ZfzjQxRzqpGD9GqgeJcJ25V1cA3ke-x-N-bxO9--Lm4NUQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000154a8605c873f595"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/1wvJ43fWtCft09IdZPD6UioLRXs>
Subject: Re: [dmarc-ietf] Some Proposed Language for a New pct Tag Defintion
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jul 2021 23:47:28 -0000

Ale, I understand your concern but I don't know that it can be solved.

My core objection is the partial-enforcement algorithm.   I cannot believe
that it would be wise for me, or any other receiver, to implement that
algorithm.   However, DMARCv1 was written with a presumed requirement for
participating recipients to follow that algorithm.

Given my expectations around actual recipient behavior, it seems
unreasonable to tell domain owners to expect a different set of behaviors
than what will actually occur.  I do not want to mislead.

During evaluation, my practice will be to treat any value other than 100 as
equal to zero, because it means that the sender does not have enough
confidence in his situation to be able to provide me with useful
information.   It does not mean that I will ignore the sender
authentication failure.

In the face of ambiguity, the only way to get a correct disposition is to
collect more data.    If I had more time, I would quarantine all
unauthenticated mail until I could determine whether the sender should be
authenticated by local policy or blacklisted by local policy.   In
practice, I quarantine some messages and let some messages through, then
periodically go back and adjust my policies after reviewing actual message
details.

Doug Foster

On Sat, Jul 31, 2021 at 5:40 AM Alessandro Vesely <vesely@tana.it> wrote:

> On Fri 30/Jul/2021 22:06:39 +0200 Todd Herr wrote:
> > Following on to the recent discussion about the pct tag, and
> specifically the
> > disallowing of any values other than 0 and 100, I propose the following
> text
> > and look forward to your comments:
>
>
> I still dislike this limitation.  I previously showed that users seem to
> change
> pct= with some salt.  In addition, how should implementations amend their
> code?
>   What shall a receiver do if it finds intermediate values of pct?
>
> I'd keep allowing intermediate values.  Substitute /Possible values are as
> follows:/ with /RECOMMENDED values are as follows:/.
>
> For case 0:
>
> YOUR TEXT:
>       0:  A request that zero percent of messages producing a DMARC
>           "fail" result have the specified policy applied.  While this is
>           seemingly a non-sensical request, this value has been given
>           special meaning by some mailbox providers and intermediaries
>           when combined with "p=" values other than "none".  In those
>           cases, in can result in changes to message handling, and/or
>           DMARC reporting for the domain publishing such a policy.  In
>           some instances of altered reporting, it is possible that the
>           altered reports may reveal intermediaries whose handling of the
>           domain owners' mail could cause it to produce a DMARC result of
>           "fail" when it reaches its final destination.
>
> MY PROPOSED ALTERNATIVE:
>       0:  A request that messages producing a DMARC "fail" result never
>           have the specified policy applied.  The special meaning of
>           this value is to have mailing lists which discriminate message
>           handling by author's domain policy apply From: munging
>           (see [Section X.Y.Z]) while final receivers still apply no
>           policy.
>
>
> Best
> Ale
> --
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email