IETF Logo Mail Archive

Re: [dmarc-ietf] p=quarantine

Hector Santos <hsantos@isdg.net> Fri, 11 December 2020 16:30 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 549A83A0CFF for <dmarc@ietfa.amsl.com>; Fri, 11 Dec 2020 08:30:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=ffeM+Cxt; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=mvcokytH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O8q30W8WQ1E8 for <dmarc@ietfa.amsl.com>; Fri, 11 Dec 2020 08:30:07 -0800 (PST)
Received: from mail.winserver.com (news.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD6C83A0CFA for <dmarc@ietf.org>; Fri, 11 Dec 2020 08:30:06 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1212; t=1607704201; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=Sa+J+ECM1jO/NUdROFiWg2XkrT8Y o/l91BVJumqSE9s=; b=ffeM+CxtTZcM7fNPDRc2qd31yqlSzTASjDsXaYfAEdtp Q3pGx+cM749RHtxY1db7KMS/UvRlBntHmGBf39w5XD2/fgZAvyVrEo6ad87C44Ro uGpLkvPB+N6FklMWMCbdMfSLDDJaThAIQgM9BUBEAIdfur9gP6afgWiuM9jWsS8=
Received: by mail.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Fri, 11 Dec 2020 11:30:01 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by mail.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 1144284418.6153.3936; Fri, 11 Dec 2020 11:30:01 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1212; t=1607703859; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=Sa+J+EC M1jO/NUdROFiWg2XkrT8Yo/l91BVJumqSE9s=; b=mvcokytHtwk+Eu3Yl+aXQ+O AjinVhPZmivbbvURw2u4TPxm2cngLL5rCmyvSdsFY2rEmNrd9plVLfzBsu7PrJpx ViytRISjEkZb5uwQLZnU6dN1A9N3kzPiDorpy8j58OvuOPE1nB5Y8qPzzum1APqQ rLvF8XAzz4U+m35UB5yQ=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Fri, 11 Dec 2020 11:24:19 -0500
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 1011164267.1.16904; Fri, 11 Dec 2020 11:24:19 -0500
Message-ID: <5FD39E8C.4060302@isdg.net>
Date: Fri, 11 Dec 2020 11:30:04 -0500
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <923de33f-3707-facf-389e-371f6ee64008@gmail.com> <16B0B820-7080-4937-8642-3A6B84B441AA@gmail.com> <c1a8c519-8d2e-f287-48d1-00ac74d22b49@gmail.com> <CABuGu1rCHRofp+M7uQXhEYuTLJiL94nwY-9icwQrNiLiA=anaQ@mail.gmail.com> <1f5b3e62-e6f4-0bc2-221e-362667536727@gmail.com> <CABuGu1pC3FyMKi-6UZJTNUvGXF9u5qX84fUm=OzKvYcO-gRYsQ@mail.gmail.com> <8e0ff141-2842-606c-91e9-e588edab7ef1@gmail.com> <5FD39A0E.5000300@isdg.net>
In-Reply-To: <5FD39A0E.5000300@isdg.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/nipZ870DJiJHjNa1sJEQ2Fm6nOU>
Subject: Re: [dmarc-ietf] p=quarantine
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2020 16:30:09 -0000

On 12/11/2020 11:10 AM, Hector Santos wrote:

> * SPF -ALL, REJECT - Receiver rejects at MAIL FROM state with a 550
> response.

Correction:

* SPF -ALL, REJECT - Receiver rejects at RCPT TO state with a 550
response.  SPF is only tested once a valid (existing) RCPT TO is provided.

This was the very first major optimization done with SPF back in 
2003/2004 when it was first changed from MAIL FROM to RCPT TO.   It 
resulted in a DNS lookup overhead savings of 60% because at the time, 
60% of the RCPT TO were "unknown, not locally hosted" addresses.

This mode of operation is on-par with the SMTP RFC5321 Section 3.3 
recommendation:

    3.3 Mail Transactions

    .....

    Despite the apparent scope of this requirement, there are
    circumstances in which the acceptability of the reverse-path may
    not be determined until one or more forward-paths (in RCPT
    commands) can be examined.  In those cases, the server MAY
    reasonably accept the reverse-path (with a 250 reply) and then
    report problems after the forward-paths are received and
    examined.  Normally, failures produce 550 or 553 replies.




-- 
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos

v2.23.0 | Report a Bug | By Email