IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

Dotzero <dotzero@gmail.com> Wed, 02 December 2020 03:02 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9CE43A1084 for <dmarc@ietfa.amsl.com>; Tue, 1 Dec 2020 19:02:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B1J-dPAtCzWa for <dmarc@ietfa.amsl.com>; Tue, 1 Dec 2020 19:02:11 -0800 (PST)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 892133A107C for <dmarc@ietf.org>; Tue, 1 Dec 2020 19:02:05 -0800 (PST)
Received: by mail-qt1-x82f.google.com with SMTP id v11so86712qtq.12 for <dmarc@ietf.org>; Tue, 01 Dec 2020 19:02:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kU1KoRnVyi6kPEPphpkeTOsMa7mxaXb8sccZ8Ri2N/Y=; b=d1IzYTwG47pFc5SfiGpxyjShx4pylcK6ZMGRx/n530WOBtZVnMaI056i2C3iOsViaq LMFxaxNOryiaa1NJFAVopcAnkzD1mfzkrZUAslcPhZQHU2VkkyQ6wW4oTPyiOSymFqrH NN1aCupDmbSIL+NijbuflyYzaWuCdQO6As5tnaz6Myx4nVvK0crHFaGQlSdwOz6yZDNn 5R1ydNsb3JrKgkPgsSwhVjQnqMNHOQvce1adYxoVatu5wHCqazZOOErugSD7+RM9prwd EIGNGR8RPWy3ef9Wka15B68jwhZKABRV8U2xQhlQci3rAIsgiBHBsTmM/gGEhXPUEslH Ua+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kU1KoRnVyi6kPEPphpkeTOsMa7mxaXb8sccZ8Ri2N/Y=; b=eMFM9cpUrfLJOMbm5IipV2C+lUqtKcJxoLtaKkaazKEqqCM2XlnJum330hkUC+wwwS 5R2VUlp5KRT7FUkU15sR78Wb2C2KiQhZqbbs61QR8ERV79doEL49w9y+4UtB5HY8VuwA nN2HfOduNnGEMCQ9h6KhNHVpUTHf4GNFcZ3qQupy51QzvgFj3iXwHZh0jNyPdhYaXvVq EHbh+REBghxFD46m8P4dyI8vTZsKWI7smh0b34Mqw8sUizg2SE2ZdUkuNBbnhPXlWHZk zaW3tqcc+2lp7Tmo9GD2N9jrA5nEBSh0ui4YBJ8ZkR397ws2TzS9N8WELdboqiFjQl+E bRrQ==
X-Gm-Message-State: AOAM530mrXzhk9GmRrPOzCvqG1VONDIVsP5mu1EiVGLSgXofdDRhUIoO C4LaUWHA7OsoWHgkc5f5xqHILZ3pJ3nzY703cfnR+/wn
X-Google-Smtp-Source: ABdhPJyS071X6JMmAxfllh2Ibt0sbd+nSKk7IbUrh/r+JDROZp49wqEudSJ08RmXifGB4MeZlMhY3DHrStCy+w58XkU=
X-Received: by 2002:ac8:5d53:: with SMTP id g19mr654874qtx.354.1606878124502; Tue, 01 Dec 2020 19:02:04 -0800 (PST)
MIME-Version: 1.0
References: <a49a7a79-6c52-ded7-60a3-754cd12fb7c3@taugh.com> <2fc01257-3307-c453-18a0-bc423dccfe6a@gmail.com> <CAH48Zfx448mxL9Btmqp0xUCK88yN9=h6Qus-4u4J2_W14aXwUw@mail.gmail.com> <e4ce658f-3a19-aa24-0fb2-2078d06fcc34@crash.com>
In-Reply-To: <e4ce658f-3a19-aa24-0fb2-2078d06fcc34@crash.com>
From: Dotzero <dotzero@gmail.com>
Date: Tue, 01 Dec 2020 22:01:53 -0500
Message-ID: <CAJ4XoYc449sNvfkGbibc8xzfUvxkZkSNFzjnzxg2SjbftA8FYg@mail.gmail.com>
To: Steven M Jones <smj@crash.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cef2a205b572773e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/zP93ZA3rpRQcWdAXJ4WszsgHcsw>
Subject: Re: [dmarc-ietf] Ticket #39 - remove p=quarantine
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2020 03:02:21 -0000

On Tue, Dec 1, 2020 at 8:43 PM Steven M Jones <smj@crash.com> wrote:

> On 12/1/20 4:16 PM, Douglas Foster wrote:
> >
> > I have always assumed that p=quarantine and pct<>100 were included to
> > provide political cover for "Nervous Nellies" who were afraid to
> > enable p=reject.
>
> p=none, p=quarantine, and the pct= option were all included so that
> organizations could set policies according to their own risk/reward
> evaluation, including changes to those evaluations over time.
>

Absolutely agree with Steve on this. The key phrase is "risk/reward
evaluation". As about the first person to publish DMARC records (before the
specification was public), I went straight to p=reject, but I had the
benefit of feedback from participating mailbox providers before we even had
an agreed upon reporting format. Even with that, I missed one oddball
server for both DKIM signing and SPF. The organization I worked for had a
number of heavily abused domains from a direct domain abuse perspective.
None of the mail was going through mailing lists or other intermediaries
other than a very small fraction of a percent going through vanity domains,
etc. My point is that if my circumstances were different I might have gone
through p=quarantine or even stayed there permanently.

>
>
> > Pct<>100 is pretty much similar.   A sender can specify pct=20, but
> > that does not mean that I am going to allow spam into my system 80% of
> > the time simply to make the sender happy.
>
> I really hope no casual readers get the impression that DMARC bypasses
> spam filtering. DMARC evaluations are expected to be independent of spam
> evaluations. If there's any overlap here, perhaps it would be for DMARC
> (and/or underlying protocols) to provide reliable domain attribution to
> drive a local policy decision about filtering.
>

DMARC does one thing and one thing only - It mitigates direct domain abuse.
It does not stop spam, phishing or a multitude of other problems.

>
>
> > Leaving it deployed is a useful ruse to promote deployment.   I favor
> > leaving both mechanisms in place.
>
> While I deplore characterizing these policy elements as a "ruse," I
> agree that p=quarantine should be kept.
>

Again, I agree with Steve on this.

Michael Hammer

v2.23.0 | Report a Bug | By Email