IETF Logo Mail Archive

Re: [dmarc-ietf] Some Proposed Language for a New pct Tag Defintion

Todd Herr <todd.herr@valimail.com> Tue, 03 August 2021 19:55 UTC

Return-Path: <todd.herr@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B0333A30C4 for <dmarc@ietfa.amsl.com>; Tue, 3 Aug 2021 12:55:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ApzJm7rg1h6c for <dmarc@ietfa.amsl.com>; Tue, 3 Aug 2021 12:55:17 -0700 (PDT)
Received: from mail-qv1-xf2a.google.com (mail-qv1-xf2a.google.com [IPv6:2607:f8b0:4864:20::f2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 052473A179E for <dmarc@ietf.org>; Tue, 3 Aug 2021 12:55:16 -0700 (PDT)
Received: by mail-qv1-xf2a.google.com with SMTP id g6so14592qvj.8 for <dmarc@ietf.org>; Tue, 03 Aug 2021 12:55:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1wxaf+5tYGFTiQSpspWJvTzfC1+FoqpnFXu4EDMclUc=; b=aZMh8EHL2bQV/IoNHdlQZrxDINNFGtGoxVoWPS+qNQu29JBq0DU6wzzUi/B6oAv3Xv hZwvvSwdhwyfTvQ4tXgB98xQY6iC0YUIRbocYxO7v52oAdcVHBqM5OyGGZnMw9WJcE1v JD9jQ62MDBlHQW4pGt8EmQY7s1YdwESi0qWkSouKjxRg9ko+kRNH2RB+n8vAkMbSF+va 15ZBp4UQs/unwNCv2Cv4WPp7NN5MTdU3byV/nDqUdR2auUQ8rCPiOvFQQ3K4ruzxLMrl OPNTepmhHogkzZv+ITD0e/Kcq7rjD+RVGby5auV9Tdx2AvrLsWv0zX2vRAR3rKs5Z/Wl QFMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1wxaf+5tYGFTiQSpspWJvTzfC1+FoqpnFXu4EDMclUc=; b=CjMp7laL2K4X3InrM8EBRvejb9jT46pZh6Ca7f/6ldGxaAeE3iJFIIfHo+k6zhToaO uMttIl1gkcmpOhEjI+Df8atw+V6eaxNbIFY5/Aos9vPjpsjN3RqgF6Qw9dSg1Y0CYS3M LRsif1HVM/O000rniPFjyEOITkRcoakY1ku7p/AOqOLJc37IDmxVttsuz2/X49+cUta5 65vvBcEjAhNUtfK+dqfNFY2hDWfk9QU8UaYXOdRrrjn3ln9Ejatlk03/WPCIaDzstZpr pnISJvUPnYlxf0dV/jSOQwnRNdi7H5X/JBfQZne6TywWgN6fjCnkTRUhl4m/hLjNZkIt KuPg==
X-Gm-Message-State: AOAM533496zObv29sq6teLVemeVRWA4ytppQbHjph1pBoNj8CDSsazsV cj6fVAIyI/AqGhTJKeA4mp4cfEhpgoHT+23dADNmrg==
X-Google-Smtp-Source: ABdhPJwRkT7Y0h7APNU0/l+neLbZQbApdwpP51KlN5Eqp4Wb9YJL1PQL4HW8Ihe67GMJwMOXyOTGEZ8EJumvua75ouQ=
X-Received: by 2002:a0c:ab1c:: with SMTP id h28mr23627036qvb.39.1628020514249; Tue, 03 Aug 2021 12:55:14 -0700 (PDT)
MIME-Version: 1.0
References: <CAHej_8=LL_KWcVYnc2quYSGMnQF5bdoerDtTZZm1yGjxjCqW1Q@mail.gmail.com> <20210803021005.EE5CF257D352@ary.qy> <CAHej_8k0rZHY02_mAMfc19dUOVREbd_WdTr5whUuNHmggx+cdA@mail.gmail.com> <CALaySJKb32r36Eq89_bM_dv4NeMtPmkgzHJX=AW+QVM-skHoVQ@mail.gmail.com>
In-Reply-To: <CALaySJKb32r36Eq89_bM_dv4NeMtPmkgzHJX=AW+QVM-skHoVQ@mail.gmail.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Tue, 03 Aug 2021 15:54:58 -0400
Message-ID: <CAHej_8kFB+icKyhTNUhbAV39Fa5KJBAXDb+REQM_1CPaUnkXzg@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007071e605c8ad10a4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/WcGW-sNkiYGF381Qo1S4fz3vLek>
Subject: Re: [dmarc-ietf] Some Proposed Language for a New pct Tag Defintion
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Aug 2021 19:55:23 -0000

On Tue, Aug 3, 2021 at 8:22 AM Barry Leiba <barryleiba@computer.org> wrote:

> The problem I have with leaving pct=0 in as the only (non-default) value
> is that it locks history into the protocol.  It makes no sense to have a
> binary situation specified by a tag called “pct” that is either 0 or 100.
>
> If we’re leaving this in as a binary thing, (1) we’re already incompatible
> with deployments that do pct=20 or whatever, so (2) we might better make it
> a y/n or t/f valued tag for that function, deprecate pct entirely, and
> leave text in a backward-compatibility section explaining what happened.
>
> I just think that the pct= 0 or 100 thing won’t wear well and will appear
> tattered quickly.
>
>
I don't disagree with you here, Barry, so let me propose this.

1. Eliminate the 'pct' tag entirely. Section 6.3, General Record Format,
says "unknown tags MUST be ignored." so we're covered on the compatibility
issue, I think.

2. Define a tag named "t", in a fashion somewhat similar to the t= tag
available for DKIM public key records, as follows:

   t:  DMARC policy test mode (plain-text; OPTIONAL; default is 'n').

      For the RFC5322.From domain to which the DMARC record applies, the

      "t" tag serves as a signal to the actor performing DMARC

      validation checks as to whether or not the domain owner wishes the

      assessment policy declared in the "p=" tag to actually be applied.

      This parameter does not affect the generation of DMARC reports.

      Possible values are as follows:


      y:  A request that the actor performing the DMARC validation check

         not apply the policy, but instead apply any special handling

         rules it might have in place.  The domain owner is currently

         testing its specified DMARC assessment policy.


      n:  The default, a request to apply the policy as specified to any
         message that produces a DMARC "fail" result.


3. Include the following as an Appendix:

Appendix C.  History of the "pct" Tag


   An earlier informational version of the DMARC protocol [RFC7489]

   included a "pct" tag and specified all integers from 0 to 100

   inclusive as valid values for the tag.  The intent of the tag was to

   provide domain owners with a method to gradually change their

   preferred assessment policy (the p= tag) from 'none' to 'quarantine'

   or from 'quarantine' to 'reject' by requesting the stricter treatment

   for just a percentage of messages that produced DMARC results of

   "fail".


   Operational experience showed that the pct tag did not function as

   intended due to many factors, unless the value specified was either

   "0" or "100" (the default).  The default value was easily

   implemented, as it required no special processing on the part of the

   message receiver, while the value of "0" took on unintended

   significance as a value used by some intermediaries and mailbox

   providers as an indicator to deviate from standard handling of the

   message.


   These "custom" actions proved too valuable to the email community to

   remove their availability from this version of the protocol, but at

   the same time it didn't make sense to support a tag named "pct" that

   had only two valid values.  This version of the DMARC protocol

   therefore introduces the "t" tag as shorthand for "testing", with the

   valid values of "y" and "n", which should be analogous to the "pct"
   tag values "0" and "100", respectively.

-- 

*Todd Herr* | Technical Director, Standards and Ecosystem
*e:* todd.herr@valimail.com
*m:* 703.220.4153

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.

v2.23.0 | Report a Bug | By Email