Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread John Levine
In article <327860af-2fa7-63ee-4b89-6e7e383f3...@crash.com> you write: >> Do you think there was a shared understanding of how p=quarantine >> would be implemented? ... >quarantine." Rather that the Domain Owner is requesting whatever the >Receiver implements between rejecting the message and put

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread Dave Crocker
On 12/1/2020 7:03 PM, Steven M Jones wrote: Rather that the Domain Owner is requesting whatever the Receiver implements between rejecting the message and putting it in the inbox, and is willing to apply. Yes, but... The premise that an author domain owner can, in any way, direct the message

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread Dave Crocker
On 12/1/2020 7:01 PM, Dotzero wrote: DMARC does one thing and one thing only - It mitigates direct domain abuse. It mitigates direct domain abuse in the rfc5322.From field. It doesn't mitigate domain abuse anywhere else. d/ -- Dave Crocker dcroc...@gmail.com 408.329.0791 Volunteer, Silicon

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread Steven M Jones
On 12/1/20 6:16 PM, John Levine wrote: In article you write: On 12/1/20 4:16 PM, Douglas Foster wrote: I have always assumed that p=quarantine and pct<>100 were included to provide political cover for "Nervous Nellies" who were afraid to enable p=reject. p=none, p=quarantine, and the pct= opt

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread Dotzero
On Tue, Dec 1, 2020 at 8:43 PM Steven M Jones wrote: > On 12/1/20 4:16 PM, Douglas Foster wrote: > > > > I have always assumed that p=quarantine and pct<>100 were included to > > provide political cover for "Nervous Nellies" who were afraid to > > enable p=reject. > > p=none, p=quarantine, and th

Re: [dmarc-ietf] Domains and tree walk

2020-12-01 Thread John Levine
In article you write: >I know of no other >standard that requires this type of relationship. Here at the IETF, the CAA DNS record that specifies which certificate authority can sign for what domains does a tree walk. If there is a CAA record at example.org it controls signing of foo.example.org

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-12-01 Thread Brandon Long
On Tue, Dec 1, 2020 at 10:07 AM Michael Thomas wrote: > > On 11/30/20 8:56 PM, Brandon Long wrote: > > Right, some of the other dkim-light or diff concepts we discussed would be > better than using l= > > We again got hung up on the 100% solution, though... something that > handled subject-prefix

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread John Levine
In article you write: >On 12/1/20 4:16 PM, Douglas Foster wrote: >> >> I have always assumed that p=quarantine and pct<>100 were included to >> provide political cover for "Nervous Nellies" who were afraid to >> enable p=reject. > >p=none, p=quarantine, and the pct= option were all included so t

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread Seth Blank
Doug, please keep your arguments focused on the technical merits of the matter, and do not make dismissive comments about users and their motivations. Those you refer to as nervous nellies are the domain owners who this protocol is designed for, many of whom are legitimately worried about blocking

[dmarc-ietf] Domains

2020-12-01 Thread Joseph Brennan
I want to ask again why DMARC should consider any domain other than the one in the Header From. The purpose of DMARC should be stated right at the top of the proposed standard. It is intended to control use of a domain in the Header From. If the Header From has bla...@example.com, the DMARC record

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread Steven M Jones
On 12/1/20 4:16 PM, Douglas Foster wrote: I have always assumed that p=quarantine and pct<>100 were included to provide political cover for "Nervous Nellies" who were afraid to enable p=reject. p=none, p=quarantine, and the pct= option were all included so that organizations could set polic

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread Douglas Foster
I have always assumed that p=quarantine and pct<>100 were included to provide political cover for "Nervous Nellies" who were afraid to enable p=reject. As an example, suppose Nellie makes the decision to enable p=quarantine and it then goes badly: If the recipient reports reject instead of quarantine,

Re: [dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread Dave Crocker
On 12/1/2020 3:17 PM, John R Levine wrote: #39 proposes that we remove p=quarantine.  I propose we leave it in, even if it is not very useful, because trying to remove it would be too confusing. If it is confusing to remove it, it is probably confusing to keep it, albeit a different confusio

Re: [dmarc-ietf] Ticket #1 - SPF alignment

2020-12-01 Thread Douglas Foster
1) ACCEPTABLE: Server Domain matches RFC 5322 From domain, and RFC 5321 Mail From is missing. HELO is an appropriate proxy for the missing Mail From, especially since a missing Mail From implies a system message, such as a server might need to generate. 2) NOT ACCEPTABLE: Server Domain matches

[dmarc-ietf] Ticket #39 - remove p=quarantine

2020-12-01 Thread John R Levine
We would like to close this ticket by Dec 15, two weeks from now, so short trenchant comments are welcome. #39 proposes that we remove p=quarantine. I propose we leave it in, even if it is not very useful, because trying to remove it would be too confusing. R's, John ==

[dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality

2020-12-01 Thread John R Levine
We would like to close this ticket by Dec 15, two weeks from now, so short trenchant comments are welcome. Ticket #1 is about https reporting. Early drafts of the DMARC spec had a poorly defined http report which we took out. I propose we add back https reporting similar to that for mta-sts,

[dmarc-ietf] Ticket #1 - SPF alignment

2020-12-01 Thread John R Levine
We would like to close this ticket by Dec 15, two weeks from now, so short trenchant comments are welcome. Ticket #1 is about SPF alignment. We need to replace references to 4408 with 7408, and clarify what if anything we do with SPF HELO checks if the MAIL FROM is null. One possibility is t

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-12-01 Thread Michael Thomas
On 11/30/20 8:56 PM, Brandon Long wrote: On Thu, Nov 26, 2020 at 12:59 AM Alessandro Vesely > wrote: On 25/11/2020 20:16, Michael Thomas wrote: > When I was at Cisco, with l= and some subject line heuristics I could get > probably like 90+% verificatio

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-12-01 Thread Alessandro Vesely
On Tue 01/Dec/2020 05:56:46 +0100 Brandon Long wrote: > On Thu, Nov 26, 2020 at 12:59 AM Alessandro Vesely wrote: > >> On 25/11/2020 20:16, Michael Thomas wrote: >>> On 11/25/20 11:11 AM, Alessandro Vesely wrote: On 25/11/2020 19:24, Jesse Thompson wrote: > On 11/25/20 11:30 AM, Alessand