Re: [dmarc-ietf] Abolishing DMARC policy quarantine

Hector Santos <> Thu, 01 August 2019 13:48 UTC

On 7/31/2019 11:32 PM, Murray S. Kucherawy wrote:

> On Sun, Jul 28, 2019 at 6:37 AM Tim Wicinski wrote:
>
>> From our end user point of view, I'm against abolishing
>> quarantine, even with its current shortcomings.
>
> Why's that?
>
> -MSK, also hatless

My opinion.

How the receiver implements mail filters SHOULD always remain as local 

We have always kept the concept open ended for all the DKIM Author 
Domain policy proposals, including SPF where hard failures (SPF -ALL, 
SSP Exclusive Policy, ADSP DISCARDABLE, DMARC reject/quarantine are 
hard failures) can be handled as follows:

1- Immediate permanent rejection at SMTP
1.1 - with SPF before or after DATA state.
1.2 - with a DKIM POLICY after DATA state
2- Accept at SMTP, disconnect, silent discard.
3- Accept at SMTP, disconnect, import into User's non-primary in-box, 
if any.

With a reject policy, the Author Domain prefers #1 or #2, but it can 
be implemented all three ways by the receiver. The ultimate outcome is 
a domain preference for rejectable failures not to reach the user's 
eyeballs.

With quarantine, the Author Domain is requesting #3 type of mail 
handling because of concerns for false positives.  Allow the user to 
see the mail, just in case.

But what if the implementation site does not offer a "Quarantine" mail 
storage capable design model?  If this type of implementation is not 
acceptable per DMARC design specification, then the spec will need to 
state this possibility:

   For Quarantine Policy support, the implementation SHOULD offer a 
   user mail folder storage and viewing capability. If the implementation
   can not offer quarantine support, then it SHOULD 
   The author domain MUST be aware not all receivers can support a "Junk"
   folder concept where quarantine mail can be separated from the user's
   main mail pickup in-box.

So, I think, we should keep the quarantine policy because it does 
allow for the wider desirable design of Mail Filtering Systems 
where multiple user folders can be supported and also for domains who 
are not yet 100% sure about issuing hard reject/discard directions.

If we take it out, there are still going to be receivers who will 
perform a quarantine concept regardless of a hard reject policy.