On Sat, Sep 9, 2023 at 11:16 AM Douglas Foster < [email protected]> wrote:
> I understand the phased roll-out goal, but phased rollout and percentages > are not applicable to the evaluator's task. > > I start with an assumption that message sources reflect the character of > the individual or organization that controls the source. Malicious > traffic comes from malicious people. Innocuous traffic comes from > non-malicious people. Determining the identifier which indicates > the responsible people can be a little tricky, but once the responsible > identifier is determined, it is a binary issue > > [...] > I think this is ascribing layers of complexity to what was supposed to be a simple capability. Maybe that's the way things are now and not how they were in 2015, but really, if I as a sender am using "pct=" then I'm not confident in the outcome, and as a receiver I think it's reasonable to infer that you shouldn't be either; the sender is experimenting. Trying to divine spam vs. ham in such a situation is to my mind about as reliable as dowsing. > DMARC flags possibly-suspicious senders, not possibly-suspicious messages, > and an evaluator should use it accordingly. > How is that possible, when different messages even from this domain take different paths to their destinations, and can easily result in different outcomes? > Assume that Example.com is at 70% rollout, which means that of their 10 > sources, 7 are DKIM-signing, two are doing SPF-only, and 1 is a non-signing > ESP. > I don't understand your use of "source". Are you saying example.com has 10 different entities sending mail using that domain? If so, I can assure you that none of that was considered when we defined "pct" in the first place. The definition of "pct" doesn't talk about sources, it talks about individual messages, evaluated independently. It's meant to be applied in aggregate across all messages purporting to be from that domain, independently and irrespective of source. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
