Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99
Douglas Foster <dougfoster.emailstandards@gmail.com> Tue, 13 July 2021 21:21 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B91D3A1071 for <dmarc@ietfa.amsl.com>; Tue, 13 Jul 2021 14:21:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hGXSXBnLTFyS for <dmarc@ietfa.amsl.com>; Tue, 13 Jul 2021 14:21:55 -0700 (PDT)
Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D54D3A106E for <dmarc@ietf.org>; Tue, 13 Jul 2021 14:21:55 -0700 (PDT)
Received: by mail-oi1-x22c.google.com with SMTP id s23so15449304oij.0 for <dmarc@ietf.org>; Tue, 13 Jul 2021 14:21:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OYFsf/zP3rLJ5b1ehMz7+IGyuuXtnVOEX6wfRv/WaPg=; b=k2Fei3syJ1BhLE3C7gARXXrUvrbXZfybBrvEejARjef+iRy1lDqNgRtw7s87IbKzaQ wG4ytMuvIllc8OkIouIJdjx9esrQbQh9XD03TcP91s0xNUAsvhfun3wkyHb4Yq3UOq0u I/uzuLwFOJsQhqmTF5ILBPywgzSFdG4x1oTDsZQ8JGKONrYY7hGaixaZcvcsPwk4DRuV GZe+MfJBuroC0K+y6CDSVCrTEPvzhALo5yME8yTqu1WxKCUynBIJV7D8/GiBwnmOv72c +x1ek0+2tDkuLQQH9OYT46CI4BfwOrHw8yc84biNXjjk3D8mDJC5lk4bASYvSAxAkclR j+7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OYFsf/zP3rLJ5b1ehMz7+IGyuuXtnVOEX6wfRv/WaPg=; b=FEQKyYbZBJ3qqdwRtz9glntXDzf6MG37QiPqwAv7EK56ZY2tQRHoR4NUNVYgHE4ycp nVEXLZS8cMiwRZRBBkz9vpzXK/3FWEEKRbcG02x2e/vJSaU9pBQdHIU98VzU9/pc7ClH esLhS9AFb8xGPQEo49OdFhEM3e8VdeTVAsDIzhxQCvDuyQ0KLWuuiCERRHNWA2R0M3f5 uElbOW1grJ/hr66GGk239OIlBTo/9IBIAqvTemetwGJvhrA65EHej+w3/xR6yULlIIv3 SrmEu/7ggwBEqmq5mX+VdDcmuDQE1vJ21iH9+JbfGQDfnrJb5n7FBTV0SDx2sqhXWnwR NdoA==
X-Gm-Message-State: AOAM532nLpWGhqHrohDFKnskd7YEQtRyHWwONBjFaH/XLQNUfTXaFZM6 wPdc5TRYPW3FbsZrCfTzFvgKMZvLrw1PR0T9+Jnl6me2
X-Google-Smtp-Source: ABdhPJw+JXKOcSqSb6SuHE9tPl4XgFivZEykZkJ3b0QvimA7JueBP7b7LLfm5Q9Vqm3O/22m1RwrZgKVO4anc9MmI14=
X-Received: by 2002:aca:c6cf:: with SMTP id w198mr168546oif.73.1626211313711; Tue, 13 Jul 2021 14:21:53 -0700 (PDT)
MIME-Version: 1.0
References: <CAHej_8=yvgXP2WgHayhGU2Hg2E0RcNgZBFjfw1cM-qKWkTG-+w@mail.gmail.com> <CAH48Zfys9cwTskjjdeJ14Y-wDBuqLseDEEiNvwC9BonLAwMyVw@mail.gmail.com> <CAHej_8mTF7DFwDiCHBq_mK40E+vuFS6iB+MQ3Co3pS=ZdqXkcg@mail.gmail.com>
In-Reply-To: <CAHej_8mTF7DFwDiCHBq_mK40E+vuFS6iB+MQ3Co3pS=ZdqXkcg@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Tue, 13 Jul 2021 17:21:40 -0400
Message-ID: <CAH48Zfy2enymaSpHXJ0EpBS29iunt-Dnm1H58vEsX4fc7LEdvA@mail.gmail.com>
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000aefc7005c707d3f3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/28HvlSKdJrJ7pxID7xXny4Z-Veg>
Subject: Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jul 2021 21:22:00 -0000
Thank you. I will review it. On Tue, Jul 13, 2021, 2:10 PM Todd Herr <todd.herr= 40valimail.com@dmarc.ietf.org> wrote: > On Tue, Jul 13, 2021 at 7:03 AM Douglas Foster < > dougfoster.emailstandards@gmail.com> wrote: > >> I understand that under the current specification, PCT has been useful >> because P=NONE with PCT=100 produces different results than QUARANTINE with >> PCT=0. This is an anomaly that I would hope we can fix, but if not, we >> need to specify that the only valid settings are PCT=0 or PCT=100. The >> specification should force numbers between 1 and 99 to be interpreted as >> either 0 or 100. >> >> The current PCT specification is fatally flawed because the denominator >> is undefined and unstable. Suppose that a domain owner concludes that most >> but not all of his traffic will produce DMARC PASS. Should the percentage >> be based on message volume or Source IP counts? Either way, the volume >> distribution received by any single evaluator will be different than the >> volume distribution sent out. >> >> But the larger problem is that the evaluator is performing a conditional >> probability, because the policy is only applied to messages that produce >> DMARC FAIL. If there is no impersonation, an unauthenticated message has >> a 100% probability of being legitimate. The denominator is determined by >> the volume of impersonation messages, not by the volume of legitimate >> messages. The percentage offered by the sending domain owner is useless. >> >> Next, assume that an accurate probability can be determined, and that 80% >> of unauthenticated messages are legitimate and 20% are impersonations. >> Does it make sense to apply that probability rule to >> message disposition? It will produce these results: >> >> Legitimate and DMARC ignored, message accepted = 80%*80% = 64% of total >> >> Legitimate and DMARC enforced, message blocked = 80%*20% = 16% of total >> >> Impersonation and DMARC ignored, message accepted = 20%*80% = 16% of total >> >> Impersonation and DMARC enforced, message blocked = 20%*20% = 4% of total >> >> Therefore, the correct decision is applied only 68% of the time, and the >> wrong decision is applied 32% of the time. This is unsatisfactory for >> protecting against ransomware, and also unsatisfactory for reliably >> delivering wanted messages. >> >> The actual volume of impersonating messages will be determined by the >> spammer, not by the domain owner, so the whole notion of choosing a >> percentage is flawed. The domain owner does not have the information >> needed to provide a usable percentage. The message evaluator can only >> determine the percentage by carefully examining many messages and >> categorizing the source. Once the source is categorized, guessing is no >> longer necessary and the percentage is irrelevant. >> >> >> > I believe you'll find that your ideas, or at least sentiments quite > similar to them, are captured in draft-ietf-dmarc-dmarcbis-02 > > First, draft-ietf-dmarc-dmarcbis-02 makes a small but substantial change > to the definition of the pct tag from what's currently in RFC 7489. Where > RFC 7489 reads: > > pct: (plain-text integer between 0 and 100, inclusive; OPTIONAL; > default is 100). Percentage of messages from the Domain Owner's > mail stream to which the DMARC policy is to be applied. > > > draft-ietf-dmarc-dmarcbis-02 instead starts with this text: > > pct: (plain-text integer between 0 and 100, inclusive; OPTIONAL; > > default is 100). For the RFC5322.From domain to which the DMARC > > record applies, the "pct" tag is the percentage of messages > > producing a DMARC result of "fail" to which the Domain Owner > wishes its preferred handling policy be applied. > > Since the concept of applying DMARC policy to messages that produce a > DMARC result of "pass" doesn't exist, it doesn't make sense to claim that > "pct" applies to the entire mailstream. > > Next, draft-ietf-dmarc-dmarcbis-02 contains a substantial rewrite of the > Message Sampling section (now section 6.7.4) that goes to great lengths to > attempt to show that the desired pct value really can't be counted on to be > applied as asked for, and what might actually happen could vary widely from > what's desired. > > https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/ > > > -- > > *Todd Herr* | Technical Director, Standards and Ecosystem > *e:* todd.herr@valimail.com > *m:* 703.220.4153 > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized > recipient you are hereby notified of any use, disclosure, copying or > distribution of the information included in this transmission is prohibited > and may be unlawful. Please immediately notify the sender by replying to > this email and then delete it from your system. > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] Priming the Pump for Discussion - Ra… Todd Herr
- Re: [dmarc-ietf] Priming the Pump for Discussion … Dilyan Palauzov
- Re: [dmarc-ietf] Priming the Pump for Discussion … Alessandro Vesely
- Re: [dmarc-ietf] Priming the Pump for Discussion … John Levine
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Todd Herr
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Priming the Pump for Discussion … Steven M Jones
- Re: [dmarc-ietf] Priming the Pump for Discussion … John Levine
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Todd Herr
- Re: [dmarc-ietf] Priming the Pump for Discussion … Jim Fenton
- Re: [dmarc-ietf] Priming the Pump for Discussion … Jim Fenton
- [dmarc-ietf] Fwd: Priming the Pump for Discussion… Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dotzero
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Benny Pedersen
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dotzero
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 tjw ietf
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Steve Siirila
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Matthäus Wander
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Дилян Палаузов
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… John R Levine
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Benny Pedersen
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Douglas Foster
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… John Levine