[opendmarc-users] Override Quarantine?

postfix at ptld.com postfix at ptld.com
Thu Jul 15 18:04:17 PDT 2021


> On 07-15-2021 8:37 pm, Simon Wilson wrote:
> Taking such a black and white view of processing inbound emails is,
> IMHO, flawed. Your system, your choice and all that, but you **will**
> end up with false positives proceeding down that path.

What false positive? At this point DMARC has already failed, instead of 
being rejected its being put into the black hole quarantine. Then what? 
The user still isn't getting the email. It sits there never to see the 
light of day until an administrator reviews it to either delete or 
deliver. Privacy? You think users want me reading their email playing 
arbitrator? At least with a reject a valid sender gets feedback that the 
recipient never got the email.


> Note the DMARC RFC:
>   If email is subject to the DMARC policy of "quarantine", the Mail
>     Receiver SHOULD quarantine the message.

Yes, spam folder isn't quarantine and SHOULD isn't MUST. If one wants to 
get "technical" opendmarc COULD offer a setting like 
reject_quarantine=yes without breaking RFC.

Its ironic to me how everyone is such a stickler for the RFC's yet use 
RBL's. Aren't people outright rejecting a message that the RFC said you 
MUST accept or SHOULD have quarantined? There are spammers who follow 
every RFC rule and their emails pass every test but still get rejected 
against the RFC, where is the outrage! :)


> However... if you are determined to not receive emails with
> p=quarantine it is a trivial matter to have something like
> SpamAssassin (or I assume rspamd etc, I don't use that) assess the
> OpenDMARC AuthenticationResult header and kill-shot it (either as a
> milter to reject or as part of later processing for internal discard).

Yes, however that is still accepting then discarding and not rejecting.
Thank you for giving some other options.


More information about the opendmarc-users mailing list