Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

Dave Crocker <> Wed, 02 December 2020 14:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 825493A1411 for <>; Wed, 2 Dec 2020 06:13:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cSKsO26z5qBu for <>; Wed, 2 Dec 2020 06:13:48 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 665B73A0A81 for <>; Wed, 2 Dec 2020 06:13:48 -0800 (PST)
Received: by with SMTP id w4so1127619pgg.13 for <>; Wed, 02 Dec 2020 06:13:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=VTS/ZyC/K+YZ1JRoBmUtoWxYujtYm72ILVz6UtTId7c=; b=atHplQfVLjaLk6Fsuo0H3V43pkaGeUulnvPlrsMi4YcAK+GGM7uS0AS5OqgGhvJ9J2 WEELaPc6VmkOFgUTfnje3+vcTGhxPaB+b1zZxmf51AQNaaryPv2FqFLMz1KSZpE7+6wX z1MkZVRIyeuTuSxwSR6TEnRNyUhHnb8jsLcG/y/v3gadLWF6deAJ/fINLC1RHOvYwskS FwU36x9JEA2gaSBNDSDv8CWwwg6KBv1GVO+HmaQT/Eiz38refdnghMbeYuW0Chupat7V NUpm9xZBd9L41y0/PqxYBRQkfwFnbxZvP34aGBPgWlAnxCK0iAZV3xpihe1WUwS3UwQz KUMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=VTS/ZyC/K+YZ1JRoBmUtoWxYujtYm72ILVz6UtTId7c=; b=N7Ho0vhBg1kjWJ612JQM02B3ZaeKFMf+qJdHn21i8McD/NqxHteYDCv9YL7mRefoXC kTt7lF/tn0MZniWGI2RZtd3RrF5i6aw0PgjG9i0A1wCSJnLWXnjbzooli8EUVk6SCnPj tmGyYwdOT3exRmkAlMEoGrsmlPI+x3kmJpAogJPDIIBA3omunNkRrollaFP3drT4WNGR AGWsvno8zQMtRyTK6K0pwUjwXaSKHqU/9Xj0qIqSjyTZMDEIewdRphZylNITlk8VPfoO O6FzVZST4UiCWNkqlxLEBGDQNFnE+O60OsaK/oyBybRW8rw1aQbdCoQLmgeV56BHLIwf 7rLA==
X-Gm-Message-State: AOAM530Tg4Z9w0TqCs7FIc/SsnNNgH+S8eYJOP3bvw1RZcy6XZxcdfea WvBXlQbMtNW8JaqGM7MpS6N+waDl7oE=
X-Google-Smtp-Source: ABdhPJz0QrgmzdvPz6/YSGJ3xdKTFblEJz8MLFaAoIQkFPRvUBl68/axsLBxwHQH6MnPMxXwqfVJXQ==
X-Received: by 2002:a63:b60:: with SMTP id a32mr48020pgl.275.1606918427669; Wed, 02 Dec 2020 06:13:47 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id c3sm32851pgm.41.2020. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 02 Dec 2020 06:13:46 -0800 (PST)
To: Dotzero <>, IETF DMARC WG <>
References: <> <> <> <> <> <> <>
From: Dave Crocker <>
Message-ID: <>
Date: Wed, 2 Dec 2020 06:13:44 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] Ticket #39 - remove p=quarantine
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 02 Dec 2020 14:13:50 -0000

On 12/2/2020 5:17 AM, Dotzero wrote:
> You are absolutely correct. It also doesn't prevent direct domain 
> abuse when someone uses snail mail.

I suppose, with some effort, you could have offered an even less useful 
example.  But since I was being quite serious about the qualification I 
offered and since it's important to be clear about DMARC's scope of 
utility, a more useful example is that DMARC does nothing about use of 
the domain name anywhere else in a message. Not the display name, not 
the Subject line and not the Body.

As mitigation of direct abuse goes, that means that DMARC's scope of 
mitigation is impressively narrow.

For most things involving significant threats, such a narrow effect 
would not comfortably be described with the implication of such a 
broader scope as you (and others) use.


Dave Crocker

Volunteer, Silicon Valley Chapter
American Red Cross