Re: [dmarc-ietf] Abolishing DMARC policy quarantine

Hector Santos <> Sun, 16 June 2019 15:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E11651201A0 for <>; Sun, 16 Jun 2019 08:43:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key) header.b=BGSW+aln; dkim=pass (1024-bit key) header.b=gJGgOAyI
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IQLOYg7C5RP8 for <>; Sun, 16 Jun 2019 08:43:00 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 814F01201D0 for <>; Sun, 16 Jun 2019 08:43:00 -0700 (PDT)
DKIM-Signature: v=1;; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1754; t=1560699771;; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=8oiiyCXHjt5iUb5LqX4yKc5/iDE=; b=BGSW+alno5SJpt57WJeFWsMgV+i7yLZZIFeQuXJXFsK2kvQrUQvZwEE6OZxP+c EbAc3KWxpSJ1/p4zINRjW1xn/bjaZBSiwog5PtQwyrLW6lYkYeOn2ihv4nIZTC3d MUbzUmdSX8KVIuv3nzGtLQREDp1nDM8PVKZD+SzUxXpJM=
Received: by (Wildcat! SMTP Router v8.0.454.8) for; Sun, 16 Jun 2019 11:42:51 -0400
Authentication-Results:; dkim=pass header.s=tms1;
Received: from ([]) by (Wildcat! SMTP v8.0.454.8) with ESMTP id 1492206286.25538.5304; Sun, 16 Jun 2019 11:42:51 -0400
DKIM-Signature: v=1;; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1754; t=1560699564; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=OahdNWu aJz1VH5RPhE44in5vxMUNj04iPdCh9bzsoYE=; b=gJGgOAyIq8bJWb9d6pEWcjM jP1mt0Dnd/eESnXZf/q3KJSjandMhQ+KxwGdIQAoJwH2YMCacrxiJJ2Ye9sASTqU LYNtopOA9Ha11r+cxhHYdjwNw6llQ2XzO31cfsKdDif94E4+jgc5iicCxc0FuJRL Rf+uT87dZn7+bw87i168=
Received: by (Wildcat! SMTP Router v8.0.454.8) for; Sun, 16 Jun 2019 11:39:24 -0400
Received: from [] ([]) by (Wildcat! SMTP v8.0.454.8) with ESMTP id 3064419410.9.165952; Sun, 16 Jun 2019 11:39:23 -0400
Message-ID: <>
Date: Sun, 16 Jun 2019 11:42:38 -0400
From: Hector Santos <>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
References: <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [dmarc-ietf] Abolishing DMARC policy quarantine
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 16 Jun 2019 15:43:03 -0000

On 6/15/2019 6:13 PM, Steve Atkins wrote:
>> On Jun 15, 2019, at 9:25 PM, <> wrote:
>> Hello,
>> p=reject; pct=0 is equivalent to p=quarantine; pct=0.
> I've not been following this thread too closely so I might
> be missing something, but under current DMARC spec I don't
> think that's so - see section 6.6.4.
> If I've missed the point ... never mind, carry on.

If I follow myself, I think it could be expressed as:

p=reject; pct=0; is effectively equivalent to p=quarantine; pct=100;

Given the order of mail "restriction" or "filtering" from high to low 
of reaching the user's eyeballs:

   p=reject       never accepted or accepted/discarded
   p=quarantine   accepted, imported into spam box, outside inbox
   p=none         accepted, imported into inbox

The "pct" effectively forces a fallback to the next lower applicable 
policy once the pct of failed mail has been processed:

   p=reject; pct=X;  fallback to p=quarantine
   p=quarantine; pct=X;  fallback to p=none
   p=none;  pct=X  fallback to UNDEFINED, N/A

where X can be 0 to 100.

When pct=100, which is the default, then the fallback would not apply 
since the explicit domain policy is applied to all DMARC failed 
messages. The receiver rejects mail with p=reject and quarantines mail 
with p=quarantine.

If there is an explicit pct=0, then effectively, the fallback is to be 
applied immediately, thus:

p=reject; pct=0; is effectively equivalent to p=quarantine; pct=100;


p=quarantine; pct=0; is effectively equivalent to p=none; pct=100;

Because of the fallback and quarantine implementation complexity and 
how failed messages can reach users, the OP is proposing to abolish 
the quarantine policy.