Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

Jesse Thompson <jesse.thompson@wisc.edu> Wed, 09 December 2020 22:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/A6b60CRExKR-mAV5lafMPiPljms>

On 12/3/20 8:21 AM, Todd Herr wrote:
> On Thu, Dec 3, 2020 at 4:28 AM Laura Atkins <laura@wordtothewise.com> wrote:
>
>>     On 3 Dec 2020, at 06:03, Jim Fenton <fenton@bluepopcorn.net> wrote:
>>
>>     On 2 Dec 2020, at 1:47, Laura Atkins wrote:
>>
>>>     p=quarantine is quite useful, particularly for those folks who are trying to get to a p=reject state.
>>>
>>>     In practice, senders who publish p=none don’t find all of the indirect mail flows as some mailing lists do nothing to transform the 5322.from address for a p=none policy. Senders have found that when they switch from p=none to p=quarantine pct=0 they regularly find mail that was not failing for a p=none.
>>
>>     I’m really confused by this. It sounds like the 5322.from address rewriting is creating additional errors that didn’t exist beforehand, and that’s the opposite of the intended purpose. Isn’t the purpose of rewriting the 5322.from address to change the domain to that of the mediator, which should redirect reporting to the mediator rather than the original sender?
> 
>     What I am trying to say is that as I understand it from the folks who professionally deploy DMARC, they regularly use p=quarantine pct=0 as part of the deployment process. There are DMARC failures that go undetected in a p=none situation but that are detected in a p=quarantine pct=0 situation. My understanding was this was related to indirect flows through mailing lists and how mailing lists are handling the header transformation but it’s possible I got that piece incorrect.
> 
> 
> Time was (and may still be) that there was a very specific type of mailing list for which p=quarantine, pct=0 was required to get accurate DMARC reporting, and that was for mail that transited Google groups. There've been a couple of public discussions of the topic over on mailop, including a thread from April 2018 with the subject of "DMARC p=quarantine pct=0". 

p=quarantine pct=0 is a very useful strategy:

1) It allowed us to find the mailing lists that don't munge from the From header - which would subsequently be problematic once we moved to pct=100

2) It allowed us to segregate the user complaints.  With a large change initiative you need to reduce the number of uncontrolled variables at any one time.  If we went straight to pct=100 then there would be a mix of people complaining about from munging mixed in with complaints about delivery.  Confusion would ensue and the entire premise of DMARC would have been called into question.  By using an incremental process it's easier to deflect people complaining about the Stage 1 problems after moving to Stage 2.

3) It allowed us to discover email receivers who ignore pct.  It was annoying, but also a convenient gift in disguise, since it allowed us to innocently blame the receiver when non-compliant senders objected to the necessary DMARC adaptations.

Jesse
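
Added example, not part of the original message: one way a domain owner at p=quarantine pct=0 could audit a DMARC aggregate report for the two findings described above, namely sources sending unaligned mail and a reporting receiver that applied quarantine despite pct=0. The function name `audit_pct0`, the sample report and all of its values are constructed for illustration; the XML follows the RFC 7489 Appendix C layout and is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report; domains and addresses are documentation values.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.edu</domain><p>quarantine</p><pct>0</pct></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.edu</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>12</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
      <reason><type>sampled_out</type></reason></policy_evaluated></row>
    <identifiers><header_from>example.edu</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.5</source_ip><count>3</count>
    <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.edu</header_from></identifiers></record>
</feedback>"""


def audit_pct0(report_xml):
    """Summarise one aggregate report for a domain publishing pct=0."""
    root = ET.fromstring(report_xml)
    policy = root.findtext("policy_published/p", "none")
    pct = int(root.findtext("policy_published/pct", "100"))
    result = {
        "reporter": root.findtext("report_metadata/org_name", "unknown"),
        "unaligned": Counter(),   # source IP -> messages failing DMARC
        "pct_ignored_msgs": 0,    # messages actioned although pct=0
    }
    for rec in root.iter("record"):
        ev = "row/policy_evaluated/"
        # policy_evaluated dkim/spf are the aligned results; DMARC fails
        # only when neither mechanism passes.
        if "pass" in (rec.findtext(ev + "dkim"), rec.findtext(ev + "spf")):
            continue
        count = int(rec.findtext("row/count", "0"))
        result["unaligned"][rec.findtext("row/source_ip")] += count
        # With pct=0 the published policy applies to no messages, so a
        # failing message should be reported with disposition "none".
        if pct == 0 and policy != "none" and \
                rec.findtext(ev + "disposition") != "none":
            result["pct_ignored_msgs"] += count
    return result


if __name__ == "__main__":
    print(audit_pct0(SAMPLE_REPORT))
```

A non-zero `pct_ignored_msgs` is a prompt to look at that reporter more closely, since a receiver may also quarantine for its own local reasons.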