Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

Laura Atkins <laura@wordtothewise.com> Thu, 03 December 2020 09:28 UTC

Return-Path: <laura@wordtothewise.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5CE63A0D79 for <dmarc@ietfa.amsl.com>; Thu, 3 Dec 2020 01:28:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wordtothewise.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o0I8jMkM0APQ for <dmarc@ietfa.amsl.com>; Thu, 3 Dec 2020 01:28:25 -0800 (PST)
Received: from mail.wordtothewise.com (mail.wordtothewise.com [104.225.223.158]) by ietfa.amsl.com (Postfix) with ESMTP id 30C613A0D75 for <dmarc@ietf.org>; Thu, 3 Dec 2020 01:28:24 -0800 (PST)
Received: from [192.168.0.227] (unknown [37.228.231.27]) by mail.wordtothewise.com (Postfix) with ESMTPSA id AB62A9F149 for <dmarc@ietf.org>; Thu, 3 Dec 2020 01:28:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wordtothewise.com; s=aardvark; t=1606987704; bh=3e7UR+YybCgJLHyuV63Uuaccpbwt5VsKaIbf9/cAOY4=; h=From:Subject:Date:References:To:In-Reply-To:From; b=BsaUqu9LIUvUolMTRTSmoDJEMp+jgrs/g9E0Rj/Ig5Zo6qPD2BFU9nAV1FIz9QbRC HFNsC/eE3j5I3TzXKNYtwj3ukz90kbCSq6kbWjO62+ATQpm/KZDHd5PJA1a1f2Re7U IpguTebap9e9jrAuu/BrG5GXTmrBjoqHfQFlzJTw=
From: Laura Atkins <laura@wordtothewise.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B6A33DFF-BD92-46DC-B9D0-42F5F07324FB"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Thu, 3 Dec 2020 09:28:21 +0000
References: <a49a7a79-6c52-ded7-60a3-754cd12fb7c3@taugh.com> <5C559553-3F45-494D-9714-F7BC47BB82FF@wordtothewise.com> <B3AD64BB-1636-4632-ABB5-96E675CDC5F1@bluepopcorn.net>
To: IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <B3AD64BB-1636-4632-ABB5-96E675CDC5F1@bluepopcorn.net>
Message-Id: <2F1BED43-5AE5-42BC-AA45-67C5FDAF6CB8@wordtothewise.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/IoJf6jYEFlGxQbTS7loTtNNDl6g>
Subject: Re: [dmarc-ietf] Ticket #39 - remove p=quarantine
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2020 09:28:27 -0000


> On 3 Dec 2020, at 06:03, Jim Fenton <fenton@bluepopcorn.net> wrote:
> 
> On 2 Dec 2020, at 1:47, Laura Atkins wrote:
> 
>> p=quarantine is quite useful, particularly for those folks who are trying to get to a p=reject state.
>> 
>> In practice, senders who publish p=none don’t find all of the indirect mail flows as some mailing lists do nothing to transform the 5322.from address for a p=none policy. Senders have found that when they switch from p=none to p=quarantine pct=0 they regularly find mail that was not failing for a p=none.
> 
> I’m really confused by this. It sounds like the 5322.from address rewriting is creating additional errors that didn’t exist beforehand, and that’s the opposite of the intended purpose. Isn’t the purpose of rewriting the 5322.from address to change the domain to that of the mediator, which should redirect reporting to the mediator rather than the original sender?

What I am trying to say is that as I understand it from the folks who professionally deploy DMARC, they regularly use p=quarantine pct=0 as part of the deployment process. There are DMARC failures that go undetected in a p=none situation but that is detected in a p=quarantine  pct=0 situation.  My understanding was this was related to indirect flows through mailing lists and how mailing lists are handling the header transformation but it’s possible I got that piece incorrect. 

p=quarantine is valuable for other reasons as well, and I think it should be kept. 

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
laura@wordtothewise.com
(650) 437-0741		

Email Delivery Blog: https://wordtothewise.com/blog