IETF Logo Mail Archive

Re: [dmarc-ietf] Some Proposed Language for a New pct Tag Defintion

Douglas Foster <dougfoster.emailstandards@gmail.com> Sat, 07 August 2021 18:49 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06A993A082D for <dmarc@ietfa.amsl.com>; Sat, 7 Aug 2021 11:49:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJ-SWAnTNUPX for <dmarc@ietfa.amsl.com>; Sat, 7 Aug 2021 11:49:51 -0700 (PDT)
Received: from mail-oi1-x234.google.com (mail-oi1-x234.google.com [IPv6:2607:f8b0:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C70773A082B for <dmarc@ietf.org>; Sat, 7 Aug 2021 11:49:51 -0700 (PDT)
Received: by mail-oi1-x234.google.com with SMTP id s13so8071269oie.10 for <dmarc@ietf.org>; Sat, 07 Aug 2021 11:49:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=+dGzUGWkhP8BapjUsMtDo9ymT7B07nYktSTOt1ndaco=; b=JRiuMAm1Sg8mAfLdDsrooNJOxEzsXvYQ9CMNgD+f/USrIR42GjlquTa8up49LLjOUD sJPQT0tsQrZy4tyqfMM6ZJilWNfhQ4aRDvCcsqgjAPqRLN4Mc3tYeUnRXOac3LpA2pL9 Qr9U5ba7rhZHdUobOqwqS/o6DD2HaGbOm/MKrjDmiu9WdTOMSCDF70LjpAgN8hPRTW4R dPeL8QSiOC8oLSspaqTHW81GitpoE+0RuQt5Nr6fHYmKJ2/+wlckXJ5gdLIIiF4ccggz OuMeGJbc21kTaYPEm3GaVTQQpFK12YmqYDGrRDjSwk1lEcEjUiq/3nZNUo1PVcY9wSDi hPqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=+dGzUGWkhP8BapjUsMtDo9ymT7B07nYktSTOt1ndaco=; b=aMqO0CYi09mFc6nnkVzMaPg2cjxV7bvwXTIy+pk2+VQjlh3ZUJQX1ul+uTiyApa1cn 5lmRgQw7oRF/q+IFG05Jl6GLdJMf8Cy20ZQJIR3mz5/c61vy3DYESnOq/1HTzrGEOBA8 zhv4enwkGAato+Ra9hH0U8biz37WqcPf9Ose5GPz2dKgDEQr9Dn68zYEvIcCNX9ET5i5 kGxjmVk1ISjq/xF6SyPlQK560fhnfVMSPyZ7atQ8XSavScGJmonbmrPTQ7zThHjNDWDs uFgS0BN1gsLJqmHje7l5WL5UtN4fmDrwGMH7hartZhr7d83uJjDs/nqCyJhWgV0DVzlT hgIg==
X-Gm-Message-State: AOAM533qXsKbPTHqSq5f/kigjiSw05lUazoHJM2yUbgVLIVjnPricWOi najDPtyoBEnpskfNCOq5dJwwEFwdkiPTr5Z2qAh4E87e
X-Google-Smtp-Source: ABdhPJwaM4KaKUIDzgwfF/jts9PFUDPQwCrOkLOq7nj/GFXZsAm4WTBJ+FqRNERbIXKLolKLhf1jkgtZYk7bIARKhW0=
X-Received: by 2002:aca:2406:: with SMTP id n6mr18911353oic.20.1628362186011; Sat, 07 Aug 2021 11:49:46 -0700 (PDT)
MIME-Version: 1.0
References: <CAHej_8m4W_k_r9SV6reNJA7aMGFCkK451tjvQGtrPNwRtJwC8A@mail.gmail.com> <20210731203844.1DBB42566507@ary.qy> <CAHej_8=LL_KWcVYnc2quYSGMnQF5bdoerDtTZZm1yGjxjCqW1Q@mail.gmail.com> <260d86d5-bb98-c2bd-3d19-e03cc83080e5@tana.it> <CAH48ZfzX2K9JHZpr0WgtAto3cMeJ5tbwPPM61rPNvan92Cx7bQ@mail.gmail.com> <CAL0qLwZQp4N6mEh+peQcEOdQe_EOPHCk7vPHwLZcdujnZJ+87w@mail.gmail.com>
In-Reply-To: <CAL0qLwZQp4N6mEh+peQcEOdQe_EOPHCk7vPHwLZcdujnZJ+87w@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sat, 07 Aug 2021 14:49:34 -0400
Message-ID: <CAH48ZfwtQdNeaYXA5B1GNvVnhAoeX2zBM4Jg3qz6TVaoTy5inQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a9ba1a05c8fc9d60"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/PMNGOa0YHUAxVBAZ_IPoL5w6tuU>
Subject: Re: [dmarc-ietf] Some Proposed Language for a New pct Tag Defintion
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Aug 2021 18:49:55 -0000

This is essentially a form of greylisting.  I was deliberately proposing to
not track repeats, to avoid the problems that greylisting encounters from
source domains with many servers.   Since greylisting is common, I did not
expect pushback on the propriety of the approach.  What codes are currently
used by systems that implement greylisting?

Changing the PCT disposition from Reject to Defer causes a dramatic change
in my perception of the algorithm.  I am as much enthused about this
approach as I was resistant to the old one.

I thought the DMARC implementation consulants and mailing list operators
would be equally intrigued, so I have been surprised by the silence this
week.

I can envision some domain owners going to PCT=99 and stoping there
permanently.  As an evaluator, I would rather have that than p=None

Doug

On Sat, Aug 7, 2021, 1:51 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Thu, Aug 5, 2021 at 4:22 AM Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
>
>> PCT could work IF evaluators are willing and able to send a Temporary
>> Error result (probably 451), instead of a permanent error, when
>> - a DMARC verification fails,
>> - the message is not unconditionally blocked or accepted on other
>> criteria, and
>> - the sender's PCT is between 1 and 99.
>> The result should include an extended status code in the 4.7.2x range.
>>
>> This approach assumes that the temporary error status will cause the
>> sender to retry multiple times over an extended period.
>>
>
> It should, since that's what the standard says ought to happen.  But then,
> as was observed elsewhere in this thread, not all clients behave that way.
>
> Based on observed configurations, this probably works out to at least 10
>> attempts.  In most cases, the PCT formula will cause the message to be
>> accepted after a delay, which is a result equivalent to PCT=0.
>>
>
> We usually use 4yz SMTP reply codes to mean there's some transient
> condition preventing delivery; a later retry may yield a different result.
> Random chance seems an awkward thing to shoe-horn into the notion of
> "transient condition".
>
> I think this could also DMARC skew statistics, as now any given message
> could result in multiple distinct delivery attempts over a period usually
> measured in days.  Care would have to be taken to identify and aggregate
> the ones representing the same message.
>
> -MSK
>

v2.23.0 | Report a Bug | By Email