On Wed 31/Jul/2019 12:46:00 +0200 Scott Kitterman wrote:

>> Would it be possible to add a result of "quarantine"?  Having dmarc=fail
>> and dns.policy=quarantine leaves a good deal of interpretation to the MDA.
>>  If one could write dmarc=quarantine, a simple string search or regular 
>> expression would do.
> That's a great example of why dns.policy= isn't the way to go.  It's too
> generic.  If it's dmarc.policy=quarantine, there's no ambiguity.


"dmarc" is already found in the methodspec.  See below.


> You can't put quarantine as the DMARC result, because that's not what it is.
> The DMARC result is pass/fail/none. 


A tentative regex (assuming untrusted ones removed, and no deceptive comments) 
can be:

if (/^Authentication-Results:.*dmarc\s*=\s*fail[^;]*dmarc\.policy\s*=\s*quarantine/)
        to "./Maildir/.Junk";

You can see that spelling the ptype is redundant.  While it is important to 
report which published policy was applied, the choice of ptype boils down to a 
question of taste.  At any rate, the code exemplified above is still too 
complicated to beat a well-crafted comment.  Consider:

Authentication-Results: example.com;
   dmarc=fail dmarc.policy=quarantine (dmarc=quarantine);

and

if (/^Authentication-Results:.*dmarc\s*=\s*quarantine/)
        to "./Maildir/.Junk";


Since you mentioned that conveying the outcome of the method in a comment is 
not cool, I proposed to convey it in the result.  I understand that the 
semantics of results aspired to be boolean, pass and non-pass.  The existing 
flavors of non-pass, none, temperror, permerror and fail, exist in order to 
suggest the appropriate action.  To quarantine is one appropriate action.


Best
Ale
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
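
The regex in the message above is qualified with "no deceptive comments". As an added example (not part of the original message), the following Python sketch removes RFC 5322 comments before reading the dmarc result, and compares that with the message's regex on two constructed header values. The function names are hypothetical, and the `dmarc.policy` property is written as in the message, where it is a form under discussion.

```python
import re

# Regex from the message above, applied here to the header value only.
PAGE_RE = re.compile(r"dmarc\s*=\s*fail[^;]*dmarc\.policy\s*=\s*quarantine")

def split_resinfo(value):
    """Drop RFC 5322 comments, then split on ';' outside quoted strings."""
    parts, cur, depth, in_quote, i = [], [], 0, False, 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):  # quoted-pair: never a delimiter
            if depth == 0:
                cur.append(value[i:i + 2])
            i += 2
            continue
        if ch == '"' and depth == 0:
            in_quote = not in_quote
        if not in_quote and ch == "(":
            depth += 1                          # comments may nest
        elif not in_quote and ch == ")" and depth:
            depth -= 1
            cur.append(" ")                     # a comment counts as whitespace
        elif not in_quote and depth == 0 and ch == ";":
            parts.append("".join(cur))
            cur = []
        elif depth == 0:
            cur.append(ch)
        i += 1
    return parts + ["".join(cur)]

def dmarc_verdict(value):
    """Return (result, policy) of the dmarc resinfo, or (None, None)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    for resinfo in split_resinfo(unfolded)[1:]:   # [0] is the authserv-id
        m = re.match(r"\s*dmarc\s*=\s*([a-z]+)", resinfo, re.I)
        if m:
            p = re.search(r"\bdmarc\.policy\s*=\s*([a-z]+)", resinfo, re.I)
            return m.group(1).lower(), p.group(1).lower() if p else None
    return None, None

# Constructed sample values (header name already stripped).
FROM_PAGE = "example.com;\n   dmarc=fail dmarc.policy=quarantine (dmarc=quarantine);"
COMMENTED = ("example.com; spf=pass (note: dmarc=fail dmarc.policy=quarantine) "
             "smtp.mailfrom=example.org; dmarc=pass header.from=example.org")

if __name__ == "__main__":
    for sample in (FROM_PAGE, COMMENTED):
        print(bool(PAGE_RE.search(sample)), dmarc_verdict(sample))
```

On the second sample the regex matches text that sits inside a comment, while the parsed verdict is the one the dmarc resinfo actually reports.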
