IETF Logo Mail Archive

Re: [dmarc-ietf] Abolishing DMARC policy quarantine

Alessandro Vesely <vesely@tana.it> Tue, 30 July 2019 08:27 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C59E912012A for <dmarc@ietfa.amsl.com>; Tue, 30 Jul 2019 01:27:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, BIGNUM_EMAILS=2.65, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sNve7Ij0Q_Bp for <dmarc@ietfa.amsl.com>; Tue, 30 Jul 2019 01:27:28 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A74831200EF for <dmarc@ietf.org>; Tue, 30 Jul 2019 01:27:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1564475246; bh=eFyyr4K3DUL1sqmeEDhwGpXI9H5RI80y2WCzBJyNsnM=; l=2280; h=To:References:From:Date:In-Reply-To; b=DVg4gk2bFcV0q584nUVHK1IUR3mUEJYSSMIU1j3Xye+1ZdfotTl7MQccPQn/oVkl0 Mk/1CYZURjSvhvdJYdWAATsn107yU39qGD+LpSTKib5+/IU4u78K2Qk2d7ZkmEbdGF KGvYgl4Yqc2S8lXmz+ds/ksP5t5+ze8zO0xAFQTQzqxfRM4OTWFojzqwIDsMT
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC07B.000000005D3FFF6E.00000536; Tue, 30 Jul 2019 10:27:26 +0200
To: dmarc@ietf.org
References: <a8ac130a671f5bcd1bf9f09781325e84a9f1fda6.camel@aegee.org> <b903c983-5c65-5b17-62bf-9ff42ffdbaaa@corp.mail.ru> <CAJ4XoYeJRcGfO7LntM6LBeJ5rMOcb0D=ya31Rm8utoWTqE7oXQ@mail.gmail.com> <0295aa1e-733a-b3ae-14cb-edcb2050d6af@corp.mail.ru> <CAL0qLwYYEMofia2S4a8oXsf02fnJg7y+DovvMWZENUW+4yUyiw@mail.gmail.com> <36cba315-e738-ddec-0f6c-2e6086b69d11@corp.mail.ru> <70da228a75b94c28097ce0c25bc407d93e86c4c2.camel@aegee.org> <CAL0qLwbX4T5=EFZtwPPk9aYdUpR72c4r5t8SB1WETkpXEtUahQ@mail.gmail.com> <1951EFA7-0695-4B98-9CB1-3ECCEFEBF321@wordtothewise.com> <CAL0qLwbixESJypwDG3NMuv22+Lb3w-iHPok8xZf-hy3Fiu38EA@mail.gmail.com> <7DFCE75A-4D31-4DEF-BD12-F161EE8D2CA9@wordtothewise.com> <92880e84-be6d-302c-dd6e-0768638ee54a@tana.it> <88795b092c9d32bcaf49a4c02ead802dc3c22753.camel@aegee.org>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <3b3e4f30-7060-b534-e5d7-46981d84e821@tana.it>
Date: Tue, 30 Jul 2019 10:27:26 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <88795b092c9d32bcaf49a4c02ead802dc3c22753.camel@aegee.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9O7LczLOXohsM7uvjdLUv7M5gbI>
Subject: Re: [dmarc-ietf] Abolishing DMARC policy quarantine
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 08:27:30 -0000

On Sun 28/Jul/2019 12:49:12 +0200 Дилян Палаузов wrote:

> The penalty could be implemented with reply
> 550 Message failed DMARC validation and was delivered in the Junk folder of the recipient
> 


Usually, receiving MTAs drop the message after replying 5xx.


> If an ESP wants to forget about delivery, the ESP likely does not care
> whether it has implemented DMARC correctly and then it does not need
> quarantine mode.

They may want to protect their brand, avoiding that more spam be attributed to
them than what they actually generated.


> • If policy quarantine will be kept, will the none>quarantine>reject order
> be abolished, meaning “quarantine” will not be handled as softer variant of
> “reject”?  Meaning with p=reject; pct=30 messages are either delivered or
> rejected, but the specification does state anything about quaratining 70% of
> the failed messages.

I can hardly corroborate my analysis by looking at what I received.  My DB of
sending domains has:

96260 domain names, of which
55110 are organizational domains;
 3887 have DMARC records, of which
 3046 have policy 'none',
  418 have policy 'reject',
  271 have policy 'quarantine',
   73 have both 'none' and 'reject',
   45 have both 'none' and 'quarantine',
   34 have both 'quarantine' and 'reject'.

393 of those DMARC domains are not organizational domains, yet 79 of them also
specify sp=.  There is some confusion about how to setup DMARC; some easy howto
seems to be missing.

On multiple policies, only 4 of the latter 34 have p=quarantine; sp=reject; the
other 30 have p=reject; sp=quarantine.  By comparison, the previous 73 + 45
have about the same ratio of p=hard/p=none; 45/28 for reject and 29/16 for
quarantine, so some 63% of those have p=hard; sp=none.  Can one infer from here
the intent of the 30 p=reject; sp=quarantine?

My feeling while looking at that data is that 'reject' is sometimes considered
/better/ than 'quarantine', which I don't think is true.  This confusion can
originate from the sequential order implied by that passage of Section 6.6.4
that Steve quoted.  I agree that that Section needs to be amended.  In
particular, the effect of pct=0 on From: rewriting should be mentioned.


Best
Ale
--

v2.23.0 | Report a Bug | By Email