On 7/31/2019 11:32 PM, Murray S. Kucherawy wrote:
On Sun, Jul 28, 2019 at 6:37 AM Tim Wicinski <tjw.i...@gmail.com
<mailto:tjw.i...@gmail.com>> wrote:
From our end user point of view, I'm against abolishing
quarantine, even with its current shortcomings.
Why's that?
-MSK, also hatless
My opinion.
How the receiver implements mail filters SHOULD always remain as local
policy.
We have always kept the concept open ended for all the DKIM Author
Domain policy proposals, including SPF where hard failures (SPF -ALL,
SSP Exclusive Policy, ADSP DISCARDABLE, DMARC reject/quarantine are
hard failures) can be handled as follows:
1- Immediate permanent rejection at SMTP
1.1 - with SPF before or after DATA state.
1.2 - with a DKIM POLICY after DATA state
2- Accept at SMTP, disconnect, silent discard.
3- Accept at SMTP, disconnect, import into User's non-primary in-box,
if any.
With a reject policy, the Author Domain prefers #1 or #2. but it can
be implemented all three ways by the receiver. The ultimate outcome is
a domain preference for rejectable failures not to reach the user's
eye balls.
With quarantine, the Author Domain is requesting #3 type of mail
handling because of concerns for false positives. Allow the user to
see the mail, just in case.
But what if the implementation site does not offer a "Quarantine" mail
storage capable design model? If this type of implementation is not
acceptable per DMARC design specification, then the spec will need to
state this possibility:
For Quarantine Policy support, the implementation SHOULD offer a
multiple
user mail folder storage and viewing capability. If the implementation
can not offer quarantine support, then it SHOULD
__________________________.
The author domain MUST be aware not all receivers can support a "Junk"
folder concept were quarantine mail can be separated from the
user's main
mail pickup in-box.
So, I think, we should keep the quarantine policy because it does
allow for the wider desirable design of for Mail Filtering Systems
where multiple user folders can be supported and also for domains who
are not yet 100% sure about issuing hard reject/discard directions.
If we take it out, there is still going to be receivers who will
perform a quarantine concept regardless of a hard reject policy.
--
HLS
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
