On Thu 03/Jun/2021 05:45:33 +0200 Murray S. Kucherawy wrote:
I don't understand what "demeaning a domain's policy" means.


I meant to say that p=quarantine; pct=0 is to be considered a strict policy to all effects. Saying so should prevent reasoning something like "Oh, they said quarantine, but since pct=0 it is somewhat faked, so I'll skip X", where X could be rewriting From:, displaying a BIMI image, recording aggregate data, or any other action that might depend on the policy. That is to say pct=0 does not alter the value of p=, otherwise testing becomes a nightmare.

Perhaps my point would be obvious if the protocol allowed floating point values. Setting pct=1e-37 would have effects equivalent to pct=0, and setting a boundary somewhere to distinguish what is valid from what is not would show up all of its arbitrariness.


Best
Ale
--

On Fri, May 28, 2021 at 10:20 AM Alessandro Vesely <[email protected]> wrote:
On Fri 28/May/2021 17:43:37 +0200 Todd Herr wrote:

Consensus on Ticket #47 <https://trac.ietf.org/trac/dmarc/ticket/47>
(Removal of "pct" tag) was reached during the May 27 DMARC Interim to
keep the tag, but to rewrite its definition in whole or in part to make
its usage better understood.

I think the text in RFC 7489 is quite good.  Perhaps a word could be added
for pct=0; for example:

OLD
    pct:  (plain-text integer between 0 and 100, inclusive; OPTIONAL;
       default is 100).  Percentage of messages from the Domain Owner's
       mail stream to which the DMARC policy is to be applied.  However,
       this MUST NOT be applied to the DMARC-generated reports, all of
       which must be sent and received unhindered.  The purpose of the
       "pct" tag is to allow Domain Owners to enact a slow rollout
       enforcement of the DMARC mechanism.  The prospect of "all or
       nothing" is recognized as preventing many organizations from
       experimenting with strong authentication-based mechanisms.  See
       Section 6.6.4 for details.  Note that random selection based on
       this percentage, such as the following pseudocode, is adequate:

        if (random mod 100) < pct then
          selected = true
        else
          selected = false

NEW
    pct:  (plain-text integer between 0 and 100, inclusive; OPTIONAL;
       default is 100).  Percentage of messages from the Domain Owner's
       mail stream to which the DMARC policy is to be applied.  However,
       this MUST NOT be applied to any other use, such as skipping DMARC
       reports or demeaning a domain's policy.  The purpose of the
       "pct" tag is to allow Domain Owners to enact a slow rollout
       enforcement of the DMARC mechanism.  Using this tag, organizations
       can experiment with strong authentication-based mechanisms while
       lowering or even voiding the risk of non-delivery.  See Section
       6.6.4 for details.  Note that random selection based on this
       percentage,
       such as the following pseudocode, is adequate:

        if (random mod 100) < pct then
          selected = true
        else
          selected = false

jm2c
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
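
An added example, not part of the thread or of RFC 7489: a Python sketch of the distinction argued above, where pct only samples which failing messages receive the published policy and never changes the policy that other actions key on. The function names, the `policy_dependent_actions` hook and the sample records in the comments are assumptions; the fallback for unselected messages follows RFC 7489 Section 6.6.4.

```python
import random

# Policy applied to failing messages that pct sampling does not select
# (RFC 7489 Section 6.6.4: the next less strict policy).
FALLBACK = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(record):
    """Parse a DMARC TXT record into (p, pct); pct defaults to 100."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in FALLBACK:
        raise ValueError("not a usable DMARC record")
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct must be between 0 and 100")
    return tags["p"], pct


def evaluate_failure(record, rng=random):
    """Decide handling for one message that failed DMARC.

    Returns the published policy, which pct never alters, and the
    disposition of this one message after pct sampling.
    """
    policy, pct = parse_dmarc(record)
    selected = rng.randrange(100) < pct  # same test as the quoted pseudocode
    disposition = policy if selected else FALLBACK[policy]
    return {"published_policy": policy, "pct": pct,
            "selected": selected, "disposition": disposition}


def policy_dependent_actions(result):
    """Hypothetical receiver hooks: they read the published policy only,
    so "v=DMARC1; p=quarantine; pct=0" (constructed) still counts as strict."""
    strict = result["published_policy"] in ("quarantine", "reject")
    return {"rewrite_from": strict,
            "reported_policy": result["published_policy"]}
```
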


