Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

Brandon Long <blong@google.com> Tue, 08 December 2020 01:55 UTC

From: Brandon Long <blong@google.com>
Date: Mon, 7 Dec 2020 17:55:15 -0800
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: Dotzero <dotzero@gmail.com>, IETF DMARC WG <dmarc@ietf.org>, Benny Lyne Amorsen <benny+usenet@amorsen.dk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/BZDkmp8gAwjAGuTM0SljVzrAMAw>
Subject: Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

On Wed, Dec 2, 2020 at 11:09 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Wed, Dec 2, 2020 at 6:47 AM Dotzero <dotzero@gmail.com> wrote:
>
>> p= DID NOT mistakenly choose to use the language of receiver actions. p=
>> represents the domain-owner request to the receiver as to the disposition
>> of messages which fail to validate. Any reading of "concern" is supposition
>> on the part of yourself or other self appointed interpreters of the mind of
>> the domain-owner or administrator. The vocabulary is perfectly fine as it
>> accurately describes the request being made. It makes no attempt to read
>> the underlying reasoning behind the request because, surprisingly, there is
>> likely to be a wide range of underlying reasoning behind why various
>> domains publish the policies they publish. This is an interoperability
>> standard, not a seance.
>>
>
> Not sure I agree.
>
> I have long held a quiet dislike for "quarantine" because that has a
> particular meaning to milter implementations.  Specifically, milter can
> render one of several final results about a message, one of which is
> actually called "quarantine".  It means "park this in the queue
> indefinitely until a human decides what to do with it."  There's no
> indication to the operator that such a job is waiting for review unless one
> goes and looks for such things.  The upshot of this is that quarantining in
> that environment can become a denial of service attack if I send you enough
> messages that end up getting handled that way and your queue disk fills, or
> the queue takes an inordinately long time to process because these have
> piled up and need to be inspected.
>
> Certainly not all implementers will trip on this (maybe none will) but
> it's an argument to me in favor of picking a word or set of words that
> describe what the domain owner thinks of the message, rather than what the
> domain owner thinks you should do with it.
>

Hmm, reading this thread, I think one missing feature in the DMARC spec is
passing the expected disposition in the authres header, since presumably
the evaluation is at SMTP time, but the mailbox delivery itself would need
to know it.  One could use the dmarc= names and look up the DMARC policy
itself to also figure that out with some amount of work.

I know that Gmail and others put that information in the comments, but that
probably shouldn't be for something explicitly part of the spec like this.

Anyways, +1 to keeping p=quarantine as a concept, but willing to go along
with the consensus on naming.

Brandon
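
Added example, not part of the original message and not code from any DMARC implementation: a sketch of the workaround mentioned above, where a delivery agent reads the dmarc= result and header.from from an Authentication-Results value and then looks up the published policy to recover the requested disposition. The function names, the sample header and the sample records are constructed; DNS is replaced by a dictionary, and the organizational-domain lookup is simplified to walking up parent domains.

```python
import re

# Constructed stand-in for DNS TXT lookups of _dmarc.<domain> (runs offline).
SAMPLE_DMARC_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=quarantine; sp=reject; rua=mailto:agg@example.com",
    "_dmarc.example.net": "v=DMARC1; p=none",
}
# Constructed header value; the parenthesised comment is free text and is ignored.
SAMPLE_AUTHRES = ("mx.example.org; spf=pass smtp.mailfrom=bounce.example.com; "
                  "dmarc=fail (p=QUARANTINE dis=QUARANTINE) header.from=example.com")

def parse_authres_dmarc(header_value):
    """Return (result, header.from domain) for the dmarc method, or None."""
    no_comments = re.sub(r"\([^()]*\)", "", header_value)  # non-nested comments only
    for clause in no_comments.split(";")[1:]:  # element 0 is the authserv-id
        m = re.match(r"\s*dmarc\s*=\s*(\w+)", clause, re.I)
        if m:
            dom = re.search(r"header\.from\s*=\s*([\w.-]+)", clause, re.I)
            return m.group(1).lower(), (dom.group(1).lower() if dom else None)
    return None

def parse_tags(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not v=DMARC1."""
    pairs = (part.partition("=") for part in txt.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs if k.strip()}
    return tags if tags.get("v") == "DMARC1" else None

def requested_disposition(header_value, lookup=SAMPLE_DMARC_TXT.get):
    """Policy the domain owner requests for this message, or None if unknown."""
    parsed = parse_authres_dmarc(header_value)
    if not parsed or parsed[1] is None:
        return None
    result, domain = parsed
    if result != "fail":
        return "none"  # p=/sp= only describe handling of failing mail
    labels = domain.split(".")
    # Simplification: walk up parent domains instead of using the Public
    # Suffix List to find the organizational domain; pct= is ignored.
    for i in range(len(labels) - 1):
        tags = parse_tags(lookup("_dmarc." + ".".join(labels[i:])) or "")
        if tags:
            key = "sp" if i > 0 and "sp" in tags else "p"
            return tags.get(key, "none").lower()
    return "none"

if __name__ == "__main__":
    print(requested_disposition(SAMPLE_AUTHRES))  # quarantine
```

The extra lookup and policy walk at delivery time is the "some amount of work" that a disposition field carried in the header itself would avoid.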