Hello Murray, Yes, rewriting depends on policy. Look at From: headers for this mailing list (dmarc@ietf.org), you can see it only munges From address for domain with strict DMARC policy (if RFC5322.From domain publishes "quarantine" or "reject" policy). This is very common behavior, it can also be seen in Google Groups.
But, as it was correctly pointed by Dilyan Palauzov, there should be no difference between "p=quarantine;pct=0" and "p=reject;pct=0" for valid DMARC Mail Receiver implementation, so "p=reject;pct=0" can probably be used instead. 24.07.2019 18:27, Murray S. Kucherawy пишет: > On Fri, Jun 14, 2019 at 12:25 PM Vladimir Dubrovin > <dubrovin=40corp.mail...@dmarc.ietf.org > <mailto:40corp.mail...@dmarc.ietf.org>> wrote: > > Nope, I mean 2 different things. > > 1. Why quarantine is useful (with pct=0). > > For example this mailing list (dmarc@ietf.org > <mailto:dmarc@ietf.org>) performs >From rewrite (aka From > munging), e.g. dubro...@corp.mail.ru > <mailto:dubro...@corp.mail.ru> is replaced with > dubrovin=40corp.mail...@dmarc.ietf.org > <mailto:dubrovin=40corp.mail...@dmarc.ietf.org>. It's because > corp.mail.ru <http://corp.mail.ru> has a strict DMARC policy > (reject). dotz...@gmail.com <mailto:dotz...@gmail.com> is not > overwritten, because gmail.com <http://gmail.com> has p=none and > ietf.org <http://ietf.org> only overwrites From only for domains > with "quarantine" and "reject" policies. It's quite common behavior. > > If you are implementing DMARC for a new domain (let's say > example.org <http://example.org>), you usually start with > "p=none". With p=none you receive reports for failed DMARC for > different lists, like ietf.org <http://ietf.org>. Before switching > to stronger policy (p=reject), you may want to know which mailing > list will still fail DMARC, and which lists perform From munging > and, as a result, do not fail DMARC. For this purpose, before > switching to "p=reject" it's useful to switch to > "p=quarantine;pct=0". After this, you will only see mailing lists > without From munging in DMARC reports. > > > I'm confused; is this claiming that those rewrites happen by virtue of > the fact that "p=quarantine" is the published policy? Seems to me > that rewriting will happen irrespective of what the published policy > is for the From domain. > > Or is it the case that this changes the content of the aggregate > reports in a way you find meaningful? > > -MSK > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc -- Vladimir Dubrovin @ mail.ru
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
