Re: [dmarc-ietf] Abolishing DMARC policy quarantine

Дилян Палаузов <dilyan.palauzov@aegee.org> Wed, 24 July 2019 16:52 UTC

From: Дилян Палаузов <dilyan.palauzov@aegee.org>
To: Vladimir Dubrovin <dubrovin@corp.mail.ru>, "Murray S. Kucherawy" <superuser@gmail.com>, Vladimir Dubrovin <dubrovin=40corp.mail.ru@dmarc.ietf.org>
Cc: IETF DMARC WG <dmarc@ietf.org>, Dotzero <dotzero@gmail.com>
Date: Wed, 24 Jul 2019 16:52:27 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/H8Jy-b6o569XmxSTAB4SYdOXJ1A>

Hello,

(I repeat what was said here, just in case)
 
As it was pointed out, p=quarantine; pct=0; is the same as p=none; and p=reject; pct=0; is the same as p=quarantine;
pct=100, therefore p=quarantine; pct=0 is not the same as p=reject; pct=0 currently, per
https://tools.ietf.org/html/rfc7489#section-6.6.4 (RFC DMARC, Section Message Sampling)

And then, for p=none or any equivalent form of it, there is no need or established practice for munging, while for
p=reject; pct=0, or any equivalent form of it, there is munging.

This is the current specification.  I proposed in this regard in fact two things:
- specifying that for p=quarantine; pct=0 (email from 10th May to dmarc@ietf) the MLM does munging
- abolishing policy quarantine

That is: p=reject; pct=0 gets almost the same as p=none, except that there is a recommendation for the MLM to munge From:.

Regards
  Дилян

On Wed, 2019-07-24 at 19:36 +0300, Vladimir Dubrovin wrote:
> 
> Hello Murray,
> 
> Yes, rewriting depends on policy. Look at From: headers for this mailing list (dmarc@ietf.org), you can see it only munges the From address for domains with a strict DMARC policy (if the RFC5322.From domain publishes a "quarantine" or "reject" policy). This is very common behavior, it can also be seen in Google Groups.
> 
> But, as it was correctly pointed out by Dilyan Palauzov, there should be no difference between "p=quarantine;pct=0" and "p=reject;pct=0" for a valid DMARC Mail Receiver implementation, so "p=reject;pct=0" can probably be used instead.
> 
> 24.07.2019 18:27, Murray S. Kucherawy wrote:
> > On Fri, Jun 14, 2019 at 12:25 PM Vladimir Dubrovin <dubrovin=40corp.mail.ru@dmarc.ietf.org> wrote:
> > > Nope, I mean 2 different things. 
> > > 
> > > 1. Why quarantine is useful (with pct=0).  
> > > 
> > > For example this mailing list (dmarc@ietf.org) performs From rewrite (aka From munging), e.g. dubrovin@corp.mail.ru is replaced with dubrovin=40corp.mail.ru@dmarc.ietf.org. It's because corp.mail.ru has a strict DMARC policy (reject). dotzero@gmail.com is not overwritten, because gmail.com has p=none and ietf.org overwrites From only for domains with "quarantine" and "reject" policies. It's quite common behavior.
> > > 
> > > If you are implementing DMARC for a new domain (let's say example.org), you usually start with "p=none". With p=none you receive reports for failed DMARC for different lists, like ietf.org. Before switching to stronger policy (p=reject), you may want to know which mailing list will still fail DMARC, and which lists perform From munging and, as a result, do not fail DMARC. For this purpose, before switching to "p=reject" it's useful to switch to "p=quarantine;pct=0". After this, you will only see mailing lists without From munging in DMARC reports.
> > > 
> > 
> > I'm confused; is this claiming that those rewrites happen by virtue of the fact that "p=quarantine" is the published policy?  Seems to me that rewriting will happen irrespective of what the published policy is for the From domain.
> > 
> > Or is it the case that this changes the content of the aggregate reports in a way you find meaningful?
> > 
> > -MSK
> 
> -- 
> Vladimir Dubrovin 
> @ mail.ru
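
The pct sampling rule from RFC 7489, Section 6.6.4 and the policy-dependent From: munging discussed in this thread, worked through as an added example that is not part of the original messages. The function names are assumptions, and the munging rule encodes the list behaviour described above (rewrite when the published p is quarantine or reject), not a requirement of the RFC.

```python
# Policy applied to a failing message that falls outside the pct sample
# (RFC 7489, Section 6.6.4): reject -> quarantine, quarantine -> none.
DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_record(txt):
    """Parse a DMARC TXT record into (p, pct); pct defaults to 100."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1" or tags.get("p") not in DOWNGRADE:
        raise ValueError("not a usable DMARC record: %r" % txt)
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct out of range: %d" % pct)
    return tags["p"], pct


def receiver_disposition(txt, roll):
    """Disposition for a message that FAILED DMARC.

    roll is the receiver's sampling draw in [0, 100); the message is
    subject to the published policy when roll < pct.
    """
    p, pct = parse_record(txt)
    return p if roll < pct else DOWNGRADE[p]


def possible_dispositions(txt):
    """Every disposition a conforming receiver can reach for this record."""
    return {receiver_disposition(txt, roll) for roll in range(100)}


def mlm_munges_from(txt):
    """List behaviour described in the thread: the published p decides,
    pct is ignored."""
    p, _ = parse_record(txt)
    return p in ("quarantine", "reject")


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    for rec in ("v=DMARC1; p=none", "v=DMARC1; p=quarantine; pct=0",
                "v=DMARC1; p=reject; pct=0", "v=DMARC1; p=quarantine; pct=100"):
        print(rec, sorted(possible_dispositions(rec)), mlm_munges_from(rec))
```

For receivers, p=quarantine; pct=0 collapses to none and p=reject; pct=0 collapses to quarantine, while a list following the rule above munges From: for both.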