Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

Steven M Jones <smj@crash.com> Wed, 02 December 2020 01:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/TN249fZ8iXlwEl8Fj60c1UPRSSA>

On 12/1/20 4:16 PM, Douglas Foster wrote:
>
> I have always assumed that p=quarantine and pct<>100 were included to 
> provide political cover for "Nervous Nellies" who were afraid to 
> enable p=reject.

p=none, p=quarantine, and the pct= option were all included so that 
organizations could set policies according to their own risk/reward 
evaluation, including changes to those evaluations over time.


> Pct<>100 is pretty much similar.   A sender can specify pct=20, but 
> that does not mean that I am going to allow spam into my system 80% of 
> the time simply to make the sender happy.

I really hope no casual readers get the impression that DMARC bypasses 
spam filtering. DMARC evaluations are expected to be independent of spam 
evaluations. If there's any overlap here, perhaps it would be for DMARC 
(and/or underlying protocols) to provide reliable domain attribution to 
drive a local policy decision about filtering.


> Leaving it deployed is a useful ruse to promote deployment.   I favor 
> leaving both mechanisms in place.

While I deplore characterizing these policy elements as a "ruse," I 
agree that p=quarantine should be kept.

--S.
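
The pct= sampling and the separation of DMARC from spam filtering discussed in this thread, as an added example that is not part of the original message or of any poster's code. The downgrade for unsampled mail follows RFC 7489 section 6.6.4; the function names, the "ham"/"spam" labels and the most-restrictive-wins rule are assumptions standing in for a receiver's local policy.

```python
import random

# Policy applied to failing mail that pct= sampling does NOT select
# (RFC 7489 section 6.6.4): reject falls back to quarantine, and
# quarantine falls back to normal local handling ("none").
DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}

def parse_dmarc(record):
    """Return (policy, pct) from a DMARC TXT record; pct defaults to 100."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in DOWNGRADE:
        raise ValueError("not a usable DMARC record")
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct out of range")
    return policy, pct

def dmarc_disposition(record, dmarc_pass, rng=random):
    """DMARC-only verdict for one message: none, quarantine or reject."""
    if dmarc_pass:
        return "none"
    policy, pct = parse_dmarc(record)
    selected = rng.random() * 100 < pct  # is this message in the sampled share?
    return policy if selected else DOWNGRADE[policy]

# Hypothetical local policy: each verdict maps to a delivery action and
# the more restrictive action wins. The spam verdict is computed elsewhere
# and is never relaxed by the DMARC result.
SEVERITY = {"deliver": 0, "quarantine": 1, "reject": 2}
FROM_DMARC = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
FROM_SPAM = {"ham": "deliver", "spam": "quarantine"}

def final_action(dmarc_disp, spam_verdict):
    """Combine the independent DMARC and spam verdicts into one action."""
    candidates = (FROM_DMARC[dmarc_disp], FROM_SPAM[spam_verdict])
    return max(candidates, key=SEVERITY.__getitem__)

if __name__ == "__main__":
    record = "v=DMARC1; p=quarantine; pct=20"  # constructed sample record
    disp = dmarc_disposition(record, dmarc_pass=False)
    print(disp, "->", final_action(disp, "spam"))
```

With pct=20, a failing message outside the sampled 20% gets the DMARC disposition "none", yet a "spam" verdict from the content filter still quarantines it.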