On Fri, Dec 3, 2021 at 10:38 AM Todd Herr <todd.herr= 40valimail....@dmarc.ietf.org> wrote:
> We can have this conversation too. I will promise, however, that if the
> group decides to keep 'pct', I will absolutely insist that the first
> sentence in its definition be changed. Somehow, RFC 7489 got released with
> this text:
>
> > pct: (plain-text integer between 0 and 100, inclusive; OPTIONAL;
> > default is 100). Percentage of messages from the Domain Owner's
> > mail stream to which the DMARC policy is to be applied.
>
> And I will go to my grave stating that DMARC policies cannot be applied to
> messages that pass DMARC authentication checks, and the definitions of
> 'quarantine' and 'reject' explicitly refer to messages that fail DMARC
> authentication checks.
>
> The sentence should read something like this:
>
> Percentage of messages using the Domain Owner's domain and failing DMARC
> authentication checks to which the DMARC policy is to be applied.
>

I'd be happy with either of these two definitions:

(a) All messages are subjected to DMARC checking, and "pct" identifies the percentage of messages failing the check that should be subjected to the policy;

(b) "pct" identifies the percentage of messages subjected to the DMARC check, irrespective of the outcome.

So the dice-roll happens either before you start DMARC, or after you find a "fail". They're not the same thing, and (again if "pct" stays) we need to be clear about which one people are expected to implement.

The original intent, as I recall, was (a). We preferred that because if you choose early on to exclude the message you're handling, you avoid all that processing cost.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
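
The two placements of the "pct" dice-roll described in the message above, as an added example that is not part of the original thread or of any DMARC implementation. The function names, the disposition labels and the message stream (every fifth message fails DMARC) are constructed for illustration; `dmarc_check` is a stand-in that only counts how often the check runs.

```python
import random

def dmarc_check(msg, stats):
    # Stand-in for the real SPF/DKIM/alignment evaluation (assumption):
    # it only records that the processing cost was paid.
    stats["evaluated"] += 1
    return "fail" if msg["fails_dmarc"] else "pass"

def handle(msg, pct, mode, rng, stats):
    """Disposition of one message under definition 'a' or 'b' from the thread."""
    if mode == "b":
        # (b): roll before DMARC starts; unselected messages are never checked.
        if rng.randrange(100) >= pct:
            return "not-checked"
        return "policy" if dmarc_check(msg, stats) == "fail" else "pass"
    # (a): every message is checked; roll only after a "fail" is found.
    if dmarc_check(msg, stats) == "pass":
        return "pass"
    return "policy" if rng.randrange(100) < pct else "sampled-out"

def run(mode, pct, n=10000, fail_every=5, seed=1):
    """Process a constructed stream; return (disposition counts, checks run)."""
    rng = random.Random(seed)
    stats = {"evaluated": 0}
    counts = {}
    for i in range(n):
        msg = {"id": i, "fails_dmarc": i % fail_every == 0}  # constructed input
        disposition = handle(msg, pct, mode, rng, stats)
        counts[disposition] = counts.get(disposition, 0) + 1
    return counts, stats["evaluated"]

if __name__ == "__main__":
    for mode in ("a", "b"):
        counts, evaluated = run(mode, pct=25)
        print(mode, "checks run:", evaluated, "dispositions:", counts)
```

With pct=25 both modes apply the policy to roughly a quarter of the failing messages, but only (a) produces a DMARC result for every message; (b) runs the check on about a quarter of the stream.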