On 12/1/20 4:16 PM, Douglas Foster wrote:
I have always assumed that p=quarantine and pct<>100 were included to provide political cover for "Nervous Nellies" who were afraid to enable p=reject.
p=none, p=quarantine, and the pct= option were all included so that organizations could set policies according to their own risk/reward evaluation, including changes to those evaluations over time.
Pct<>100 is pretty much similar. A sender can specify pct=20, but that does not mean that I am going to allow spam into my system 80% of the time simply to make the sender happy.
I really hope no casual readers get the impression that DMARC bypasses spam filtering. DMARC evaluations are expected to be independent of spam evaluations. If there's any overlap here, perhaps it would be for DMARC (and/or underlying protocols) to provide reliable domain attribution to drive a local policy decision about filtering.
Leaving it deployed is a useful ruse to promote deployment. I favor leaving both mechanisms in place.
While I deplore characterizing these policy elements as a "ruse," I agree that p=quarantine should be kept.
--S. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
