Re: [dmarc-ietf] Abolishing DMARC policy quarantine

Brandon Long <blong@google.com> Thu, 01 August 2019 20:29 UTC

From: Brandon Long <blong@google.com>
Date: Thu, 01 Aug 2019 13:29:29 -0700
Message-ID: <CABa8R6u7TbxWEGdtuUQhMZdT-K-6hpvc0fwE7wra_3nhQ1J8yg@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7orre39v7e0RIbFI4YSd1MfHPW4>

On Tue, Jul 30, 2019 at 1:27 AM Alessandro Vesely <vesely@tana.it> wrote:

> On multiple policies, only 4 of the latter 34 have p=quarantine; sp=reject;
> the other 30 have p=reject; sp=quarantine.  By comparison, the previous 73 +
> 45 have about the same ratio of p=hard/p=none; 45/28 for reject and 29/16 for
> quarantine, so some 63% of those have p=hard; sp=none.  Can one infer from
> here the intent of the 30 p=reject; sp=quarantine?

They've validated that all the senders for the main domain are authing, but
haven't done so for the sub-domains.  Or they don't send from the primary
domain.


> My feeling while looking at that data is that 'reject' is sometimes
> considered /better/ than 'quarantine', which I don't think is true.  This
> confusion can originate from the sequential order implied by that passage of
> Section 6.6.4 that Steve quoted.  I agree that that Section needs to be
> amended.  In particular, the effect of pct=0 on From: rewriting should be
> mentioned.


I think many folks do think of it progressively.  For example, quarantine can
be overridden by the recipient, by filter or manually looking, whereas reject
typically can only be overridden by the administrator.

Quarantine also means that some percentage of people can fall for the
spam/phish even if it's quarantined, whereas a reject is never seen by the
receiver.

Reject seems to be the end goal, but folks have a hard time getting there
(hence the many companies sprung up to help people get there).  Quarantine is
a stepping stone because of the ability to override, and the visibility by the
receivers (presumably the point of email is that the receivers want it).

Brandon
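
Added example, not part of the original message: a small parser showing how the p=/sp= combinations discussed in this thread resolve for the main domain versus its subdomains, and how the pct step-down in RFC 7489 Section 6.6.4 makes the policies look sequential. The sample records and function names are constructed for illustration, and the subdomain is assumed to publish no DMARC record of its own.

```python
from collections import Counter

POLICIES = ("none", "quarantine", "reject")  # ordered weakest to strongest

def parse_dmarc(record):
    """Return {'p', 'sp', 'pct'} or None if this is not a usable policy record.
    Simplification: a record with an unrecognised p or sp value is rejected."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    p = tags.get("p", "").lower()
    sp = tags.get("sp", p).lower()          # sp defaults to p when absent
    if p not in POLICIES or sp not in POLICIES:
        return None
    try:
        pct = int(tags.get("pct", "100"))   # pct defaults to 100
    except ValueError:
        return None
    return {"p": p, "sp": sp, "pct": pct}

def requested_policy(policy, from_subdomain, sampled):
    """Policy the domain owner requests for a message that failed DMARC.
    sampled=False means the message fell outside pct, so the next weaker
    policy applies (reject -> quarantine, quarantine -> none)."""
    chosen = policy["sp"] if from_subdomain else policy["p"]
    if not sampled:
        chosen = POLICIES[max(POLICIES.index(chosen) - 1, 0)]
    return chosen

def tally(records):
    """Count p/sp combinations across a list of TXT records."""
    counts = Counter()
    for record in records:
        policy = parse_dmarc(record)
        if policy:
            counts[f"p={policy['p']}; sp={policy['sp']}"] += 1
    return counts

# Constructed sample records (not data from the thread).
SAMPLE = [
    "v=DMARC1; p=reject; sp=quarantine; rua=mailto:agg@example.com",
    "v=DMARC1; p=quarantine; sp=reject",
    "v=DMARC1; p=reject; pct=0",
    "v=spf1 -all",
]
```

With pct=0 no message is ever sampled, so a p=reject record requests quarantine for every failing message.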