Re: [dmarc-ietf] p=quarantine

Alessandro Vesely <vesely@tana.it> Tue, 15 December 2020 09:50 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E68E3A0EFB for <dmarc@ietfa.amsl.com>; Tue, 15 Dec 2020 01:50:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Level:
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9fgfJGHIfkAA for <dmarc@ietfa.amsl.com>; Tue, 15 Dec 2020 01:50:14 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 765983A0E5D for <dmarc@ietf.org>; Tue, 15 Dec 2020 01:50:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1608025810; bh=1OvahXwkDTXHdOkpTYQA6l5MUiAZPSwS9R4r/cmXkdY=; l=1768; h=To:References:From:Date:In-Reply-To; b=B67yFcJlQvIvWuaiT1L1l8x+NivXo6GScaR0p17k3mG9mRGLd8Ep+NqqDHZ180Mts Q6oZGw7w8fV+uLJ0xf1Nhx47smo0LEIH2iyGOsrbfLvd1oyUKw2aZ+PPqVrFbBdSzu 4PcY1/CTi4BvT8WbtDohfn9MXCU+8c45b8kUbF6ng3KpeEqPxFS8wWP0n3Yq/
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC026.000000005FD886D2.00004D40; Tue, 15 Dec 2020 10:50:10 +0100
To: Douglas Foster <dougfoster.emailstandards@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
References: <20201211173722.6B4DF29782C7@ary.qy> <ea074aad-971b-abc6-d557-ea2f433b3cc7@gmail.com> <CAH48ZfxEjGHv99z3RGj+Z+KJaFVPvm6RG4UzkKuOoDQDVCmb3g@mail.gmail.com> <A5E108DC-2692-4927-B2C1-AE3FED6DA8AA@wordtothewise.com> <CAH48ZfwkPEgexwGvyMT_PevMM5ngBT_XRfHYi7Wy1yxMw1LP1A@mail.gmail.com> <A07FA3DE-4C51-48C4-A2E7-067987200E1F@wordtothewise.com> <CAH48ZfwykEJM9AXKrp+SS4SgM4N1W70eLqHW+PXB18a_TrV6iw@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <db978751-1ea9-d9f9-7608-9a26ba019ea9@tana.it>
Date: Tue, 15 Dec 2020 10:50:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <CAH48ZfwykEJM9AXKrp+SS4SgM4N1W70eLqHW+PXB18a_TrV6iw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/QL8fi1YHtFz0Z1qxcJyGmpR_Q-g>
Subject: Re: [dmarc-ietf] p=quarantine
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2020 09:50:17 -0000

On Tue 15/Dec/2020 04:26:03 +0100 Douglas Foster wrote:
> Sorry about the confusion caused by my typing failures.
> What I meant:
> First party - From address aligns with SMTP address.  Can be validated with SPF 
> or DKIM.
> Third party - From address and SMTP address are in different domains.  Can be 
> validated with DKIM only.
> I am open to suggestions for better nomenclature.


I'm neutral about the nomenclature.  However, the definitions lack something.

First party is clear.

Third party is not:

For a nit, albeit unusual, one can use a different bounce address, for any 
convenience reason.  If SPF helo is aligned it is still a first party message.

There are other considerations that indicate the presence and the quality of 
a third party, such as multiple DKIM signatures, and a Sender: field.

Then there are dumb forwarders, who neither sign nor modify messages, nor even 
the bounce addresses.  Second parties?  Hm... external aliases?  Artifacts of 
email address portability?


> But what I am trying to figure out is under what circumstances a DMARC policy 
> can be considered actionable.   Do I conclude that "p=quarantine" means "domain 
> is still collecting data, so results are unpredictable"?   Or do I conclude 
> that it means "Domain is fully deployed and failure to validate is a highly 
> suspicious event?"


I think quarantine is not necessarily an intermediate step.  It is adequate for 
human mail, where one is not equipped to resend in case of reject.  It doesn't 
cover first/third party differences.  I wish there was an intermediate policy, 
call it p=mlm-validate, that directs a third party to reject if not 
authenticated, while final recipients can accept it as if p=none.


Best
Ale
--
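The distinctions argued over in this thread (first party versus third party, the aligned-HELO nit, dumb forwarders, and what p=quarantine does with a failure) can be made concrete in code. The following is an added example, not part of the message or of any WG draft: it classifies a message by the identifiers a receiver sees and maps the DMARC result to a disposition. Alignment follows the RFC 7489 relaxed/strict rules, but the organizational-domain lookup is a naive last-two-labels stand-in for a Public Suffix List lookup (an assumption; real code must use the PSL). The `Message` fields, the party labels and the sample domains are all constructed for illustration, and `p=mlm-validate` is modelled only as the hypothetical policy floated in the message above.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def org_domain(domain: str) -> str:
    """Organizational domain, naively the last two labels (assumption: real code uses the PSL)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(identifier: str, from_domain: str, mode: str = "r") -> bool:
    """RFC 7489 alignment: strict ('s') is an exact match, relaxed ('r') is same organizational domain."""
    a, b = identifier.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


@dataclass
class Message:
    from_domain: str                        # domain of the RFC5322.From
    helo_domain: str                        # EHLO/HELO name of the connecting MTA
    mail_from_domain: Optional[str]         # RFC5321.MailFrom domain, None for an empty bounce address
    spf_mailfrom: str = "none"              # SPF result on MAIL FROM: pass / fail / none ...
    spf_helo: str = "none"                  # SPF result on HELO
    dkim_pass_domains: List[str] = field(default_factory=list)  # d= of each signature that verified
    sender_domain: Optional[str] = None     # domain of a Sender: field, if any


def evaluate(m: Message, adkim: str = "r", aspf: str = "r") -> Dict[str, object]:
    # DMARC's SPF identifier is MAIL FROM; only an empty bounce address falls back to HELO.
    if m.mail_from_domain:
        spf_aligned = m.spf_mailfrom == "pass" and aligned(m.mail_from_domain, m.from_domain, aspf)
    else:
        spf_aligned = m.spf_helo == "pass" and aligned(m.helo_domain, m.from_domain, aspf)
    helo_aligned = m.spf_helo == "pass" and aligned(m.helo_domain, m.from_domain, aspf)
    aligned_dkim = [d for d in m.dkim_pass_domains if aligned(d, m.from_domain, adkim)]
    foreign_dkim = [d for d in m.dkim_pass_domains if d not in aligned_dkim]
    foreign_sender = bool(m.sender_domain) and not aligned(m.sender_domain, m.from_domain, adkim)
    dmarc_pass = spf_aligned or bool(aligned_dkim)

    if spf_aligned or helo_aligned:
        # From agrees with an SMTP identity. An aligned HELO behind a foreign bounce
        # address is still "first party" in this nomenclature, even though DMARC ignores it.
        party = "first party"
    elif aligned_dkim and (foreign_dkim or foreign_sender):
        # The aligned signature survived, and a second signer or a foreign Sender: shows an intermediary.
        party = "third party"
    elif aligned_dkim:
        # Aligned DKIM only, SPF broken, nothing added or signed: the "dumb forwarder" case.
        party = "forwarded"
    else:
        party = "unauthenticated"
    return {"dmarc_pass": dmarc_pass, "party": party}


def disposition(dmarc_pass: bool, p: str, role: str = "final") -> str:
    """Map a DMARC result to an action. p=none/quarantine/reject follow RFC 7489;
    p=mlm-validate is the hypothetical policy from the message above: an intermediary
    rejects on failure, a final recipient treats it as p=none."""
    if dmarc_pass:
        return "accept"
    if p == "mlm-validate":  # hypothetical, not a real DMARC policy tag
        return "reject" if role == "intermediary" else "accept"
    return {"none": "accept", "quarantine": "quarantine", "reject": "reject"}[p]


# Constructed sample messages; every domain is an example.* placeholder.
SAMPLES: Dict[str, Message] = {
    "direct": Message("example.com", "mx.example.com", "bounce.example.com",
                      spf_mailfrom="pass", spf_helo="pass", dkim_pass_domains=["example.com"]),
    # Different bounce address for convenience, HELO still aligned, no DKIM: the nit above.
    "foreign_bounce": Message("example.com", "mx.example.com", "bounces.esp-example.net",
                              spf_mailfrom="pass", spf_helo="pass"),
    # Mailing list: author signature survives, list adds its own signature and Sender:.
    "mailing_list": Message("example.com", "lists.example.org", "lists.example.org",
                            spf_mailfrom="pass", spf_helo="pass",
                            dkim_pass_domains=["example.com", "example.org"], sender_domain="example.org"),
    # Dumb forwarder: bounce address untouched (so SPF fails), original signature intact.
    "dumb_forward": Message("example.com", "fwd.example.net", "example.com",
                            spf_mailfrom="fail", spf_helo="pass", dkim_pass_domains=["example.com"]),
    "unauthenticated": Message("example.com", "host.example.net", "example.com",
                               spf_mailfrom="fail", spf_helo="pass"),
}


def run_samples(p: str = "quarantine", role: str = "final") -> Dict[str, Tuple[str, str]]:
    """Return (party, disposition) for each sample under policy p, as seen by the given role."""
    out = {}
    for name, msg in SAMPLES.items():
        result = evaluate(msg)
        out[name] = (str(result["party"]), disposition(bool(result["dmarc_pass"]), p, role))
    return out


if __name__ == "__main__":
    for name, (party, action) in run_samples().items():
        print(f"{name:16} {party:16} -> {action}")
```

The `foreign_bounce` sample is the interesting one: it is first party by the thread's nomenclature, yet under p=quarantine it is quarantined, because DMARC only consults HELO when the bounce address is empty. The `dumb_forward` sample passes on the surviving DKIM signature alone, which is why that case is hard to tell apart from a legitimate third party without a second signature or a Sender: field.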