Re: [dmarc-ietf] Abolishing DMARC policy quarantine

Hector Santos <hsantos@isdg.net> Sun, 16 June 2019 15:43 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/pGa7kgemXtq2seP_EKKiPS9hZec>

On 6/15/2019 6:13 PM, Steve Atkins wrote:
>
>
>> On Jun 15, 2019, at 9:25 PM, <dilyan.palauzov@aegee.org> wrote:
>>
>> Hello,
>>
>> p=reject; pct=0 is equivalent to p=quarantine; pct=0.
>
> I've not been following this thread too closely so I might
> be missing something, but under current DMARC spec I don't
> think that's so - see section 6.6.4.
>
> If I've missed the point ... never mind, carry on.


If I follow myself, I think it could be expressed as:

p=reject; pct=0; is effectively equivalent to p=quarantine; pct=100;

Given the order of mail "restriction" or "filtering" from high to low 
of reaching the user's eyeballs:

   p=reject       never accepted or accepted/discarded
   p=quarantine   accepted, imported into spam box, outside inbox
   p=none         accepted, imported into inbox

The "pct" effectively forces a fallback to the next lower applicable 
policy once the pct of failed mail has been processed:

   p=reject; pct=X;  fallback to p=quarantine
   p=quarantine; pct=X;  fallback to p=none
   p=none;  pct=X  fallback to UNDEFINED, N/A

where X can be 0 to 100.

When pct=100, which is the default, then the fallback would not apply 
since the explicit domain policy is applied to all DMARC failed 
messages. The receiver rejects mail with p=reject and quarantines mail 
with p=quarantine.

If there is an explicit pct=0, then effectively, the fallback is to be 
applied immediately, thus:

p=reject; pct=0; is effectively equivalent to p=quarantine; pct=100;

and

p=quarantine; pct=0; is effectively equivalent to p=none; pct=100;

Because of the fallback and quarantine implementation complexity and 
how failed messages can reach users, the OP is proposing to abolish 
the quarantine policy.


-- 
HLS
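
The pct fallback described in the message above (RFC 7489 section 6.6.4), as an added example that is not part of the original post or of any mail software named in the thread. The function names and the sample records are constructed for illustration, and treating the fallback for p=none as "none" is an assumption, since the message lists it as undefined.

```python
import random

# Next-lower policy applied to failing mail that "pct" does not select
# (the fallback table in the message above; RFC 7489 section 6.6.4).
# p=none has no lower level; it is kept as "none" here (assumption).
FALLBACK = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(record):
    """Parse a DMARC TXT record; return (policy, pct), pct defaulting to 100."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p", "").lower() not in FALLBACK:
        raise ValueError("not a usable DMARC record: %r" % record)
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct out of range: %d" % pct)
    return tags["p"].lower(), pct


def disposition(record, rng=random):
    """Disposition for one message that has already FAILED DMARC evaluation."""
    policy, pct = parse_dmarc(record)
    # The published policy applies to pct percent of failing mail;
    # the remainder receives the next-lower policy.
    selected = rng.random() * 100 < pct
    return policy if selected else FALLBACK[policy]


def distribution(record, n=10000, seed=1):
    """Share of n failing messages per disposition, with seeded sampling."""
    rng = random.Random(seed)
    counts = {"reject": 0, "quarantine": 0, "none": 0}
    for _ in range(n):
        counts[disposition(record, rng)] += 1
    return {k: v / n for k, v in counts.items()}


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    for rec in ("v=DMARC1; p=reject; pct=0", "v=DMARC1; p=quarantine; pct=100",
                "v=DMARC1; p=quarantine; pct=0", "v=DMARC1; p=reject; pct=25"):
        print(rec, distribution(rec))
```
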