On Fri, Dec 3, 2021 at 10:38 AM Todd Herr <todd.herr=
40valimail....@dmarc.ietf.org> wrote:

> We can have this conversation too. I will promise, however, that if the
> group decides to keep 'pct', I will absolutely insist that the first
> sentence in its definition be changed. Somehow, RFC 7489 got released with
> this text:
>
>    pct:  (plain-text integer between 0 and 100, inclusive; OPTIONAL;
>       default is 100).  Percentage of messages from the Domain Owner's
>       mail stream to which the DMARC policy is to be applied.
>
> And I will go to my grave stating that DMARC policies cannot be applied to
> messages that pass DMARC authentication checks, and the definitions of
> 'quarantine' and 'reject' explicitly refer to messages that fail DMARC
> authentication checks.
>
> The sentence should read something like this:
>
> Percentage of messages using the Domain Owner's domain and failing DMARC
> authentication checks to which the DMARC policy is to be applied.
>
>
I'd be happy with either of these two definitions:

(a) All messages are subjected to DMARC checking, and "pct" identifies the
percentage of messages failing the check that should be subjected to the
policy;

(b) "pct" identifies the percentage of messages subjected to the DMARC
check, irrespective of the outcome.

So the dice-roll happens either before you start DMARC, or after you find a
"fail".  They're not the same thing, and (again if "pct" stays) we need to
be clear about which one people are expected to implement.

The original intent, as I recall, was (a).  We preferred that because if
you choose early on to exclude the message you're handling, you avoid all
that processing cost.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
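
Added example, not part of the original message or of any DMARC implementation: a small simulation of the two placements of the "pct" dice roll described in (a) and (b) above, counting how many messages get a DMARC check and how many failing messages receive the policy. The message stream, fail rate and function names are constructed for illustration.

```python
import random
from dataclasses import dataclass

@dataclass
class Tally:
    evaluated: int = 0  # messages on which the DMARC check was run
    failed: int = 0     # evaluated messages that failed the check
    enforced: int = 0   # failing messages that received the policy

def roll_after_fail(results, pct, rng):
    """Option (a): check every message, roll the dice only on a fail."""
    t = Tally()
    for passed in results:
        t.evaluated += 1
        if not passed:
            t.failed += 1
            if rng.randrange(100) < pct:
                t.enforced += 1
    return t

def roll_before_check(results, pct, rng):
    """Option (b): roll the dice first; unselected mail is never checked."""
    t = Tally()
    for passed in results:
        if rng.randrange(100) >= pct:
            continue  # excluded up front, so the outcome stays unknown
        t.evaluated += 1
        if not passed:
            t.failed += 1
            t.enforced += 1  # every observed fail gets the policy
    return t

def constructed_stream(n, fail_rate, rng):
    """Constructed sample: True = passes DMARC, False = fails."""
    return [rng.random() >= fail_rate for _ in range(n)]

if __name__ == "__main__":
    rng = random.Random(2021)
    stream = constructed_stream(20000, 0.2, rng)
    for name, fn in (("(a)", roll_after_fail), ("(b)", roll_before_check)):
        print(name, fn(stream, 25, rng))
```

In expectation both variants apply the policy to the same share of failing mail; they differ in how many checks are run and in how many failures the receiver ever observes.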