Remove pct= tag

[seth@…]

How pct= is written, how it is implemented, how it is understood, and how it actually works are all different. It's also not statistically sound, and has additional poorly understood real-world behavior when used with p=reject.

[todd.herr@…]

See also ticket #5

Elimination of the pct tag will result in removal of the following sections of text:

From "DMARC URIs":

pct:
:   (plain-text integer between 0 and 100, inclusive; OPTIONAL;
default is 100).  Percentage of messages from the Domain Owner's
mail stream to which the DMARC policy is to be applied.  However,
this MUST NOT be applied to the DMARC-generated reports, all of
which must be sent and received unhindered.  The purpose of the
"pct" tag is to allow Domain Owners to enact a slow rollout
enforcement of the DMARC mechanism.  The prospect of "all or
nothing" is recognized as preventing many organizations from
experimenting with strong authentication-based mechanisms.  See
(#message-sampling) for details.  Note that random selection based on
this percentage, such as the following pseudocode, is adequate:

    if (random mod 100) < pct then
      selected = true
    else
      selected = false

From "Formal Definition":

                    [dmarc-sep dmarc-percent]

and

  dmarc-percent   = "pct" *WSP "=" *WSP
                    1*3DIGIT

The entire "Message Sampling" section:

###  Message Sampling {#message-sampling}

If the "pct" tag is present in the policy record, the Mail Receiver
MUST NOT enact the requested policy ("p" tag or "sp" tag") on more
than the stated percent of the totality of affected messages.
However, regardless of whether or not the "pct" tag is present, the
Mail Receiver MUST include all relevant message data in any reports
produced.

If email is subject to the DMARC policy of "quarantine", the Mail
Receiver SHOULD quarantine the message.  If the email is not subject
to the "quarantine" policy (due to the "pct" tag), the Mail Receiver
SHOULD apply local message classification as normal.

If email is subject to the DMARC policy of "reject", the Mail
Receiver SHOULD reject the message (see (#rejecting-messages)).  If the email
is not subject to the "reject" policy (due to the "pct" tag), the
Mail Receiver SHOULD treat the email as though the "quarantine"
policy applies.  This behavior allows Domain Owners to experiment
with progressively stronger policies without relaxing existing
policy.

Mail Receivers implement "pct" via statistical mechanisms that
achieve a close approximation to the requested percentage and provide
a representative sample across a reporting period.

From "DMARC Tag Registry":

| pct      | RFC 7489  | current | Sampling rate                            |

In "Entire Domain, Monitoring Only", change the following:

*  All messages from this Organizational Domain are subject to this
   policy (no "pct" tag present, so the default of 100% applies)

to

*  All messages from this Organizational Domain are subject to this
   policy

or perhaps remove the bullet entirely since it adds no value without the mention of the pct tag

Last, rewrite the "Subdomain, Sampling, and Multiple Aggregate Reports URIs" section to remove mention of sampling and the use of the pct tag.

[todd.herr@…]

As reported in ticket #5:

Valimail data on 22 March 2021:

74790 DMARC records examined
 5548 have pct= tag
 5066 of those with pct= defined have pct=100
  482 of those with pct= defined have pct= other than 100
   53 of those with pct= defined have pct=0

[todd.herr@…]

Proposed text pushed to github and merged with main branch.

[alex_brotman@…]

I'm not sure I agree with removing pct completely, but seems like 0 and 100 should be ignored? The below is 1 day of data where a pct attribute was present. I removed the long tail of all sorts of broken records.

pct p percent
100 reject 51.194723
100 none 31.497058
100 quarantine 11.766201
10 none 1.680448
50 quarantine 0.750789
5 quarantine 0.373162
10 quarantine 0.343339
10 reject 0.334595
25 quarantine 0.220813
1 quarantine 0.202922
50 reject 0.201107
0 quarantine 0.181093
0 none 0.165156
20 quarantine 0.153728
1 none 0.140622
20 none 0.085060
70 quarantine 0.084914
75 quarantine 0.077796
90 quarantine 0.047547
30 reject 0.047254
75 reject 0.043798
90 reject 0.039404
30 quarantine 0.035075
90 none 0.031865
5 none 0.029756
25 none 0.029535
50 none 0.027966
40 quarantine 0.023774

[vesely@…]

Setting p=quarantine; pct=0 seems to be a useful idiom to control From: munging, albeit not so much used.

[todd.herr@…]

Consensus from 27 May 2021 interim (​https://datatracker.ietf.org/doc/minutes-interim-2021-dmarc-01-202105270900/) was to leave tag in specification but to rewrite its definition to make its implementation and shortcomings more clear.

Rev -02 of dmarcbis does this.