ietf-smtp

Re: [ietf-smtp] ietf-smtp(_at_)ietf(_dot_)org and DMARC with p=quarantine; pct=0

2019-01-25 15:47:07
Hello Kurt,

Somebody wrote somewhere (I can search for this statement if necessary) that 
p=quarantine; pct=0; is the way to test whether the DMARC setup is working 
correctly and get failure reports.

So the difference between p=quarantine; pct=0;  and p=none is that in the 
former case a verification of a presumably ready setup is done.  During this 
verification, I think, From: (@akamai.com) should be changed by MLMs, as if pct 
wasn’t zero, in order to be sure that things will continue to run smoothly once 
pct is increased.

In other words, pct being present, zero or absent has no impact on the 
non-aggregate failure reports per message.

There is no such thing as “level”: quarantine is not one level less than reject.

Regards
  Дилян

On January 25, 2019 9:06:21 PM GMT+01:00, "Kurt Andersen (b)" <kboth(_at_)drkurt(_dot_)com> wrote:
On Fri, Jan 25, 2019 at 1:29 AM Дилян Палаузов <dilyan(_dot_)palauzov(_at_)aegee(_dot_)org> wrote:


DNS TXT _dmarc.akamai.com contains “v=DMARC1; p=quarantine; pct=0; rua=mailto:akamai(_at_)rua(_dot_)agari(_dot_)com, mailto:mailauth-reports(_at_)akamai(_dot_)com; ruf=mailto:akamai(_at_)ruf(_dot_)agari(_dot_)com; sp=none”.
The MLM does not rewrite From:.  Delivering the email to the mailing list
recipients leads to failed DMARC and a (not aggregated) report is generated
per delivered message.

Shouldn’t ietf-smtp(_at_)ietf(_dot_)org change the From:, when for the domain
p=quarantine is set, just as for p=reject, in order to avoid generating
useless reports, and ensuring delivered emails? (Handling “quarantine” as
“reject” on the recipients’ side is not necessarily wrong).


Based on the definition of how "pct" is handled, 0% of the messages going
through DMARC evaluation should be affected. The DMARC spec says:

(6.3) Percentage of messages from the Domain Owner's mail stream to which
the DMARC policy is to be applied.  However,

(6.6.4) If the "pct" tag is present in the policy record, the Mail Receiver
MUST NOT enact the requested policy ("p" tag or "sp" tag") on more than the
stated percent of the totality of affected messages.


When implementers are doing "funny stuff" like selectively manipulating
from addresses, it is debatable as to what the absolute "right" thing is
since the definition of non-sampled message treatment is one level less
than the "p=" specification - in this case that would be "none".

--Kurt
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
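
Added example, not part of the original thread or of any list software: a Python sketch that parses the record quoted above and contrasts the receiver-side "pct" sampling from section 6.6.4 with the MLM rule the poster proposes (rewrite From: on the published p=, ignoring pct). Function names are hypothetical, the addresses are de-obfuscated from the archive's form, and the downgrade table encodes the "one level less" treatment as described in the quoted reply.

```python
# Record quoted in the thread for _dmarc.akamai.com; addresses restored from
# the archive's "(_at_)"/"(_dot_)" obfuscation.
RECORD = ("v=DMARC1; p=quarantine; pct=0; "
          "rua=mailto:akamai@rua.agari.com, mailto:mailauth-reports@akamai.com; "
          "ruf=mailto:akamai@ruf.agari.com; sp=none")

# Treatment of a failing message that was NOT sampled in by pct, as described
# in the quoted reply: one step weaker than the published policy.
DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(txt):
    """Split a DMARC TXT record into a lower-cased tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC policy record")
    tags.setdefault("pct", "100")  # absent pct means the policy applies to all mail
    return tags


def receiver_disposition(tags, roll, subdomain=False):
    """Policy a receiver enacts on one DMARC-failing message.

    roll is a per-message integer in 0..99; the message is sampled in
    when roll < pct, otherwise the downgraded treatment applies.
    """
    policy = tags.get("sp", tags["p"]) if subdomain else tags["p"]
    return policy if roll < int(tags["pct"]) else DOWNGRADE[policy]


def failure_reports_requested(tags):
    """pct only limits policy enforcement; a ruf= tag still asks for
    a failure report on every failing message."""
    return "ruf" in tags


def mlm_should_rewrite_from(tags):
    """The poster's proposed MLM rule: decide on p= alone, ignoring pct."""
    return tags["p"] in ("quarantine", "reject")


if __name__ == "__main__":
    t = parse_dmarc(RECORD)
    print({receiver_disposition(t, r) for r in range(100)},
          failure_reports_requested(t), mlm_should_rewrite_from(t))
```

With the thread's record, no failing message is ever quarantined, yet failure reports are still requested, which is the situation the original question describes.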