Nope, I mean 2 different things.
1. Why quarantine is useful (with pct=0).

For example this mailing list ([email protected]) performs From rewrite (aka From munging), e.g. [email protected] is replaced with [email protected]. It's because corp.mail.ru has a strict DMARC policy (reject). [email protected] is not overwritten, because gmail.com has p=none and ietf.org only overwrites From for domains with "quarantine" and "reject" policies. It's quite common behavior.

If you are implementing DMARC for a new domain (let's say example.org), you usually start with "p=none". With p=none you receive reports for failed DMARC for different lists, like ietf.org. Before switching to stronger policy (p=reject), you may want to know which mailing list will still fail DMARC, and which lists perform From munging and, as a result, do not fail DMARC. For this purpose, before switching to "p=reject" it's useful to switch to "p=quarantine;pct=0". After this, you will only see mailing lists without From munging in DMARC reports.

2. Why quarantine should not be used with pct different from 0

If you start enforcing strong DMARC policy with "p=reject" and you have some previously uncaught misconfiguration (e.g. wrong envelope-from address in some once-in-the-month mailing), you see DMARC failures in your logs and you can react to these failures and even re-send the messages affected.

If you start with "p=quarantine" you have no feedback except reports, and reports are received with a huge lag (up to 2 days) and do not provide sufficient information to catch the exact problem and you can not re-send the quarantined messages.

14.06.2019 18:42, Dotzero wrote:
>
> On Fri, Jun 14, 2019 at 11:08 AM Vladimir Dubrovin
> <[email protected] <mailto:[email protected]>> wrote:
>
>     p=quarantine with pct=0 is useful to test DMARC with mailing
>     list/groups which perform "From" rewrite based on DMARC policy.
>     It's safe, because it actually works like "none" but it causes
>     From rewrites, because it's still considered as "quarantine".
>
>     I would never recommend to use "quarantine" without pct=0, because it
>     can mask serious deliverability problems.
>
> If the only thing they are using to check deliverability is DMARC
> reporting, the person has other problems. You should be able to see
> whether it passed/failed DKIM and SPF but that does not tell you
> whether it was delivered to the end user (at all) or quarantined in a
> SPAM folder. Many if not most receiving domains perform all sorts of
> other checks on incoming mail.
>
> Michael Hammer
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc

-- 
Vladimir Dubrovin
@Mail.Ru
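The rollout reasoning in the message above, as an added example that is not part of the original post: it models which lists rewrite From and what a receiver does with a DMARC-failing message at each policy stage. The list names are constructed, and it assumes every list breaks DKIM/SPF alignment, so unrewritten mail fails DMARC; the pct downgrade rule follows RFC 7489, section 6.6.4.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record; p is required, pct defaults to 100."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record: %r" % txt)
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct out of range: %d" % pct)
    return {"p": tags["p"].lower(), "pct": pct}

def list_rewrites_from(policy):
    """List behaviour described in the thread: munge From when the author
    domain publishes quarantine or reject; pct is not consulted."""
    return policy["p"] in ("quarantine", "reject")

# Messages outside the pct sample get the next weaker policy.
_DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}

def receiver_disposition(policy, roll):
    """Disposition for a DMARC-failing message; roll is the receiver's
    sampling value in [0, 100)."""
    return policy["p"] if roll < policy["pct"] else _DOWNGRADE[policy["p"]]

def rollout_view(txt, lists):
    """Map each list to ("rewritten", []) or ("fails", possible dispositions)."""
    policy = parse_dmarc(txt)
    view = {}
    for name, munges_on_policy in lists.items():
        if munges_on_policy and list_rewrites_from(policy):
            view[name] = ("rewritten", [])  # no failure reported for author domain
        else:
            seen = {receiver_disposition(policy, r) for r in range(100)}
            view[name] = ("fails", sorted(seen))
    return view

# Constructed sample: one list that munges based on policy, one that never does.
LISTS = {"munging-list.example": True, "plain-list.example": False}

if __name__ == "__main__":
    for record in ("v=DMARC1; p=none", "v=DMARC1; p=quarantine; pct=0",
                   "v=DMARC1; p=reject"):
        print(record, rollout_view(record, LISTS))
```

At the "p=quarantine; pct=0" stage only the non-munging list still shows up as failing, and its mail is handled as "none", which is the report view the message describes.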
