Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99
Alessandro Vesely <vesely@tana.it> Fri, 16 July 2021 09:32 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A183D3A2FDA for <dmarc@ietfa.amsl.com>; Fri, 16 Jul 2021 02:32:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tCPA8JmP8rpN for <dmarc@ietfa.amsl.com>; Fri, 16 Jul 2021 02:32:20 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8997B3A2FD8 for <dmarc@ietf.org>; Fri, 16 Jul 2021 02:32:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1626427935; bh=VNQ7bW85MXom1Lgns0Ssl0sHOtbS2p3ChbhVXQxUcnY=; l=3534; h=To:References:From:Date:In-Reply-To; b=CmtUUMUKZdUoG9GYCkIRzAr0azZH+kIJ34xW9thfhSEaFmsh2MgpBarFy1awTf2Ma aOPixsFDjbtzpt/EbaqcsvbvmRpvxKhtOGvFvsPQ1SpVzDbf/38rXfOxEHBnT8wrtN jD30B4IiP1o8K8L6dORUFF4RvQOUayB8jstyNOKulfSfAsmfKGuLxHLQdUfuV
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0D1.0000000060F1521F.00004D16; Fri, 16 Jul 2021 11:32:15 +0200
To: Todd Herr <todd.herr@valimail.com>, IETF DMARC WG <dmarc@ietf.org>
References: <CAHej_8=yvgXP2WgHayhGU2Hg2E0RcNgZBFjfw1cM-qKWkTG-+w@mail.gmail.com> <CAH48Zfys9cwTskjjdeJ14Y-wDBuqLseDEEiNvwC9BonLAwMyVw@mail.gmail.com> <CAHej_8mTF7DFwDiCHBq_mK40E+vuFS6iB+MQ3Co3pS=ZdqXkcg@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <f45a2fb6-c907-feb9-fedd-4573f9685c0c@tana.it>
Date: Fri, 16 Jul 2021 11:32:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CAHej_8mTF7DFwDiCHBq_mK40E+vuFS6iB+MQ3Co3pS=ZdqXkcg@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/yC06K85r-CtmKMlJ20YWHokARFk>
Subject: Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2021 09:32:26 -0000
On Tue 13/Jul/2021 20:09:45 +0200 Todd Herr wrote: > On Tue, Jul 13, 2021 at 7:03 AM Douglas Foster wrote: > > > draft-ietf-dmarc-dmarcbis-02 instead starts with this text: > > pct: (plain-text integer between 0 and 100, inclusive; OPTIONAL; > default is 100). For the RFC5322.From domain to which the DMARC > record applies, the "pct" tag is the percentage of messages > producing a DMARC result of "fail" to which the Domain Owner > wishes its preferred handling policy be applied. > > Since the concept of applying DMARC policy to messages that produce a DMARC > result of "pass" doesn't exist, it doesn't make sense to claim that "pct" > applies to the entire mailstream. Why not? I'd say that a DMARC filter takes no action when dmarc=pass (except for setting Authentication-Results: and feedback data). The policy requests noop on pass, and it is applied indeed. > Next, draft-ietf-dmarc-dmarcbis-02 contains a substantial rewrite of the > Message Sampling section (now section 6.7.4) that goes to great lengths to > attempt to show that the desired pct value really can't be counted on to be > applied as asked for, and what might actually happen could vary widely from > what's desired. I find that section excessively long and difficult. It doesn't mention the key point that the percentage is more and more exact as the number of (failed) messages grows. Indeed, pct=20 doesn't say that the policy should apply to one of /the first five/ messages. The second paragraph of Section 6.7.4.2 surmises that the percentage is meant on a daily basis. From such assumption, it then infers its inexactness. The "pct" tag is a request to take a sample of a larger population and apply different rules to it. The population is made up of all messages that produce DMARC "fail" results for that domain in a given day, and the sample size is the percentage of that population represented by the value of the "pct" tag. It is trivial to perform this sampling to the exact number specified if the population size is known, but the nature of email is such that the population size cannot be known until all messages have been collected and evaluated that day. Email traffic tends to flow in spurts, not at a constant level throughout the day, and so a volume seen during any time slice cannot be extrapolated across a 24 hour period. Waiting until the end of the day to decide which messages to either quarantine or reject goes against all best practices and exposes the mail-receiving organization to vectors of abuse, and so we must approximate the population and sample sizes on the fly. It would be untroubled to consider the population to be made up of all messages for that domain during all of the time while the given DMARC record holds. The approximation then results from interrupting the message stream, or altering the record, before the applied percentage reaches the exact value expressed therein, which otherwise it will eventually meet. The last paragraph of Section 6.7.4.2 seems to say that pct affects reporting: * "0" - A request that zero percent of messages producing a DMARC "fail" result have the specified policy applied. While this is seemingly a non-sensical request, this value has been given special meaning by some mailbox providers when combined with certain "p=" values to alter DMARC processing and/or reporting for the domain publishing such a policy. I'd remove "and/or reporting". Best Ale --
- [dmarc-ietf] Priming the Pump for Discussion - Ra… Todd Herr
- Re: [dmarc-ietf] Priming the Pump for Discussion … Dilyan Palauzov
- Re: [dmarc-ietf] Priming the Pump for Discussion … Alessandro Vesely
- Re: [dmarc-ietf] Priming the Pump for Discussion … John Levine
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Todd Herr
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Priming the Pump for Discussion … Steven M Jones
- Re: [dmarc-ietf] Priming the Pump for Discussion … John Levine
- Re: [dmarc-ietf] Priming the Pump for Discussion … Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Todd Herr
- Re: [dmarc-ietf] Priming the Pump for Discussion … Jim Fenton
- Re: [dmarc-ietf] Priming the Pump for Discussion … Jim Fenton
- [dmarc-ietf] Fwd: Priming the Pump for Discussion… Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Douglas Foster
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dotzero
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Benny Pedersen
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dotzero
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 tjw ietf
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Douglas Foster
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Steve Siirila
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Dave Crocker
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Laura Atkins
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Matthäus Wander
- Re: [dmarc-ietf] Fwd: Priming the Pump for Discus… Barry Leiba
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Alessandro Vesely
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 John Levine
- Re: [dmarc-ietf] Ratchets - Disallow PCT 1-99 Дилян Палаузов
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… John R Levine
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Benny Pedersen
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Douglas Foster
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… Alessandro Vesely
- Re: [dmarc-ietf] From: munging, was Ratchets - Di… John Levine