IETF Logo Mail Archive

Re: [dmarc-ietf] Abolishing DMARC policy quarantine

Дилян Палаузов <dilyan.palauzov@aegee.org> Fri, 14 June 2019 21:58 UTC

Return-Path: <dilyan.palauzov@aegee.org>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93E2612009E for <dmarc@ietfa.amsl.com>; Fri, 14 Jun 2019 14:58:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.698
X-Spam-Level:
X-Spam-Status: No, score=-1.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (4096-bit key) reason="fail (message has been altered)" header.d=aegee.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1-4kbPrj7uN5 for <dmarc@ietfa.amsl.com>; Fri, 14 Jun 2019 14:58:42 -0700 (PDT)
Received: from mail.aegee.org (mail.aegee.org [144.76.142.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E93E120100 for <dmarc@ietf.org>; Fri, 14 Jun 2019 14:58:42 -0700 (PDT)
Authentication-Results: mail.aegee.org/x5ELwNu3011664; auth=pass (LOGIN) smtp.auth=didopalauzov
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aegee.org; s=k4096; t=1560549513; i=dkim+MSA-tls@aegee.org; r=y; bh=/BLhdfcjTL6yYeeUlxV8xRNAD1aHNpeNbiuvkaylHh8=; h=Subject:From:To:Date:In-Reply-To:References; b=fifAqyv8dqVEwk7CjVa25kOx/5NmJgFi8tzYqYu1P+mrAgbYKljR/3gE3BDecDY/c HGUsmFLbfyASX7xgfs7ByzEg+jTuj4qICIadJ79Ew31CTPgHP798IsdNK/mkcGE0Gv phwvhD+m4B42Mp9nSimvXn+/LiWesoIlXUN/1ZOKal1J1k39hDIKaEk8KwY/OCh4lp GKGNMyU+ynn9aNytpjcPJ5BR04njuL6+4p4ke/oUr4grJ5Ih9YMpGgIZpV2CMn/KC5 DLKOOqEkxIQkBcosDsf+4TMud/8tU8M7qcY8Upw1xUEuFccpxjoDhS9kPuWiTOF9+N Y1doYkdG4Y4zgJGEA9vC0H47yrtfgbwb8cVHAIpKQxSgP9ivNovJJu4IoGufGK+oxe tjaFCB7wPmPj0aKURjgaZ+wffABVx4bRaUBsT/PGQK8cqZof8d9hokId150ZS5o9uV ruTGeqt2eOkSOcQYl4P1QOQn8qPjAqvbdqExBKQ+H/jKaFCP98I9TXlCpmCFJ7daCq 3XOCq8qBwW6jwLRSGBuEkIvuNg+nwuhpeg0ii4J1mFaGZq7vHIpZD54i1WnJ6c+psO 1pHG6DRBJX67Iu/g9dkx6qJUtKOd6DBDJHhTHTZT53U+aQ+GHTpj5/ameYj4Gl0tSR NOOAlZbxkM6xXuhOJRMupQ7E=
Authentication-Results: mail.aegee.org/x5ELwNu3011664; dkim=none
Received: from Tylan (x2e722567.dyn.telefonica.de [46.114.37.103] (may be forged)) (authenticated bits=0) by mail.aegee.org (8.15.2/8.15.2) with ESMTPSA id x5ELwNu3011664 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Fri, 14 Jun 2019 21:58:32 GMT
Message-ID: <d2c48fa6e0caec1c75f1cc21303bfe83a188cc33.camel@aegee.org>
From: Дилян Палаузов <dilyan.palauzov@aegee.org>
To: Ken O'Driscoll <ken=40wemonitoremail.com@dmarc.ietf.org>, dmarc@ietf.org
Date: Fri, 14 Jun 2019 21:58:22 +0000
In-Reply-To: <b35700fed33aea68cde9a10c492b90f25519ce30.camel@wemonitoremail.com>
References: <a8ac130a671f5bcd1bf9f09781325e84a9f1fda6.camel@aegee.org> <b35700fed33aea68cde9a10c492b90f25519ce30.camel@wemonitoremail.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.33.3
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.101.2 at mail.aegee.org
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/PSTR6TLUKtELuah1v9vfP3v-n2s>
Subject: Re: [dmarc-ietf] Abolishing DMARC policy quarantine
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 21:58:44 -0000

Hello Ken,

effectively I proposed handling p=reject and p=quarantine the same way.  Shall I read in your answer, that failed DMARC
validation is weighted differently in the overall spam evaluation, for p=reject and for p=quarantine?

> A use case for p=quarantine is that when deploying DMARC for any reasonably
> complex site, it forms part of a graduated approach (perhaps in conjunction
> with pct=x) utilising aggregated reports to moving towards p=reject. 

There is no ordering between the policies.  p=quarantine is not a softer variant of p=reject, it is just different. 
Switching from Quarantine to Reject is not a graduate approach.  But if some subscribers here see it as such, perhaps
more discussions are necessary.

In the counter example for extra work, having support queries for rejected emails (p=reject) or for emails arriving
misteriosly as spam (p=quarantine) is the same amount of support, extra work.

Lets have an example for p=quaranite:
  majordomo@domain is an address where commands are sent and the software receiving the command always sends an answer,
even if the command is unclear.  An email is sent to majordomo@domain.  The sending domain has published policy
Quarantine.  This address has no spam/junk folder attached to it.  The options for an email are:
 * reject the email during the SMTP dialog
 * accept the email and let majordomo send an answer to it
 * arrange a human to decide which emails to discard (handle an imaginary Spam folder for the account).

The third option is expensive and causes delays.  The second option could send backscatters, so a caution has to be
payed when accepting an email.

After the total, complex spam evaluation, the spam filter is uncertain if the mail is spam or not.  DMARC evaluation on
its own fails.  Shall the email be rejected during the smpt dialog (handle Quarantine as Reject), shall the email be
accepted, or what do you suggest to do?

As for pct=0 on there was a discussion on ietf-smtp@ietf.org whether From: shall be rewritten by the MLM on 25-26 Jan
2019 and the outcome is, that the behaviour is unclear (one cannot act wrong by rewriting or not RFC5822.From:).  So on
pct=0; further ellaboration is necessary.

On Wed, 2019-06-12 at 12:05 +0100, Ken O'Driscoll wrote:
> On Tue, 2019-06-11 at 21:00 +0000, Дилян Палаузов wrote:
> > Dear all,
> > 
> > when DMARC passes, there is no difference between p=reject and
> > p=quarantine.
> [...snip...]
> > However, it is ultimately up to the receiving site to decide, whether it
> > wants to accept this extra work.  If it does not accept the extra work,
> > it just handles quarantine as reject.  This does not violate the DMARC
> > specitification.
> 
> Even in a moderately complex spam filtering engine, DMARC is just one
> indicator / signal amongst many.
> 
> Who does the "extra work" is subjective. For example, a large mailbox
> provider may consider support queries about missing or rejected emails as
> unwanted "extra work" etc.
> 
> DMARC does not live in isolation - it's part to a greater ecosystem. 
> 
> > Do you have a story, why one wants to publish p=quaratnine?  What is the
> > use case for it?  It just makes emails less reliable, as they end as Junk
> > and this is very similar to discarding the emails.
> 
> There is a world of difference between requesting that a recipient flag an
> incoming message as spam as opposed to asking them to discard it outright.
> And that is regardless of how individual mailbox provides treat
> p=quarantine.
> 
> A use case for p=quarantine is that when deploying DMARC for any reasonably
> complex site, it forms part of a graduated approach (perhaps in conjunction
> with pct=x) utilising aggregated reports to moving towards p=reject. 
> 
> The proactive nature of DMARC means that its deployment needs to be
> properly planned with any risks mitigated as best as possible. The various
> stages of p= can easily be articulated on a project plan / risk register.
> 
> And such sites that require such planning are often starting from a
> position of improperly documented mail flows and inconsistently implemented
> SPF/DKIM. In addition they often operate in regulated sectors and are
> commonly top-heavy with risk-adverse middle management.
> 
> I accept that a small site with a simple mail flow which does not operate
> in a regulated space and has thin governance could likely move straight
> from p=none to p=reject without serious repercussions. Such sites are not
> the majority of DMARC deployments.
> 
> DMARC changes how recipient mailbox providers treat email and therefore it
> needs to be deployed in a controlled manner, p=quarantine being one
> component of that. 
> 
> > Imagine a mailing lists, where the recipient of an email address expands
> > to several mailboxes on different domains.  An incoming email fails DMARC
> > validation before being distributed over the ML.  The domain owner for
> > that mail origin has published p=quarantine, this email cannot be
> > delivered in the Junk folder of the recipient, because the mailing list
> > itself does not have a junk folder.
> 
> DMARC was never originally intended / scoped to work with domains which
> interacted with mailing lists. The 5322.from address rewriting kludge 
> allows such interaction by removing future DMARC tests.
> 
> A mailing list operator can also choose to reject emails from domains which
> have a DMARC record.
> 
> DMARC has no use case to offer when working with mailing lists.
> 
> > How about, deleting policy Quarantine and instead rephrasing policy
> > Reject:
> > 
> > It is up to the receiving server if it rejects messages failing DMARC, or
> > accepts and delivers them as Junk.
> > 
> > (This does not change the protocol, just the wording)
> 
> I think this is completely unwarranted for (at a minimum) the above
> mentioned reasons.
> 
> Ken.
> 
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email