Dear all, when DMARC passes, there is no difference between p=reject and p=quarantine.
When DMARC fails validation, this means extra work for humans. This work can be done by the sending or by the receiving organization. With p=quaratine, the sending organization (domain owner) indicates, that the extra work is supposed to be done by the receiving organization. So for the senders it is just cheaper (in terms of less work) to publish p=quarantine. With p=reject, the sending organization (domain owner) indicates, that the extra work has to be performed by the sending server, which might be the domain owner or some suspects. However, it is ultimately up to the receiving site to decide, whether it wants to accept this extra work. If it does not accept the extra work, it just handles quarantine as reject. This does not violate the DMARC specitification. Do you have a story, why one wants to publish p=quaratnine? What is the use case for it? It just makes emails less reliable, as they end as Junk and this is very similar to discarding the emails. Imagine a mailing lists, where the recipient of an email address expands to several mailboxes on different domains. An incoming email fails DMARC validation before being distributed over the ML. The domain owner for that mail origin has published p=quarantine, this email cannot be delivered in the Junk folder of the recipient, because the mailing list itself does not have a junk folder. How about, deleting policy Quarantine and instead rephrasing policy Reject: It is up to the receiving server if it rejects messages failing DMARC, or accepts and delivers them as Junk. (This does not change the protocol, just the wording) Regards Дилян _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
