
Does anyone know what a sampled out override reason actually means in DMARC aggregated daily reports? I only get those from GMail, and recently I've had some complaints from recipients about undelivered messages or messages landing in the spam folder. My SMTP server log doesn't show any problems; everything sends out smoothly with a clear status=sent (250 2.0.0 OK) to gmail recipients.

As far as I know, the override reason is a local policy applied by a receiving server, and I just wonder how it affects actual deliverability. I received a GMail DMARC report today saying that out of a total of 396 messages sent yesterday:

  • 82 messages got no policy or policy override reason applied
  • 314 messages got no policy applied, but got policy override reason: sampled_out

I wonder what is the fate of those 314 msgs.

masegaloeh
squirrely

1 Answer


sampled_out means that messages that were actually supposed to have your specified policy applied were exempted from this and got the next "better" policy applied instead. This is based on your DMARC record specifying that only a certain percentage should have the policy applied (this option exists to allow slow rollouts).

I.e., it seems that those messages "got lucky" based on your specified pct value and for instance got quarantined instead of rejected.

In the case of your 314 messages, maybe the "got no policy applied, but got policy override reason: sampled_out" should actually be read as that they already had the policy "none" applied but still were in the percentage that shouldn't get the policy applied? (Which I suppose means nothing really happened.)

From the DMARC specification:

If the "pct" tag is present in a policy record, application of policy is done on a selective basis. The stated percentage of messages that fail the DMARC test MUST be subjected to whatever policy is selected by the "p" or "sp" tag (if present). Those that are not thus selected MUST instead be subjected to the next policy lower in terms of severity. In decreasing order of severity, the policies are "reject", "quarantine", and "none".

https://datatracker.ietf.org/doc/html/draft-kucherawy-dmarc-base-04#section-6.1

sampled_out: Message was exempted from application of policy by the "pct" setting in the DMARC policy record.

https://datatracker.ietf.org/doc/html/draft-kucherawy-dmarc-base-04#page-75

Håkan Lindqvist
  • I do have p=reject and pct=20 specified at the moment. But I believe I was getting some sampled outs when I had DMARC in monitor and later in quarantine settings also. By the way, 82 msgs from 396 total would be ~20% in that matter. But the pct value only applies for DMARC failed messages? – squirrely Jun 14 '14 at 10:39
  • It is my understanding as well that `pct` should only be applied in the `reject` and `quarantine` cases, however I suppose doing so also in the `none` case should not actually change the end result. Does looking at the raw DMARC report make the situation any clearer? – Håkan Lindqvist Jun 14 '14 at 10:57
  • I use dmarcian.com xml-to-human converter to inspect reports, but I checked the raw xml file and it doesn't reveal any more detail. The explanation of `sampled out` you provided is obvious in fact that no policy was applied. That is clearly stated in the report I received. But it doesn't explain what that actually means and how messages are further processed. I guess it's only up to Google to tell what actually happens to emails flagged `sampled out`. – squirrely Jun 14 '14 at 11:30
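
One way to break a raw aggregate report down by disposition, override reason and DMARC result, as an added example that is not part of the original posts. The XML is a constructed sample using the aggregate-report element names (`policy_published`, `policy_evaluated`, `reason`/`type`); the counts mirror the question, and the pass/fail values are assumed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (not real report data); counts mirror the 82 / 314 split
# from the question, and the pass/fail results are assumed for illustration.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>reject</p><pct>20</pct></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>82</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
  </policy_evaluated></row></record>
 <record><row><source_ip>192.0.2.10</source_ip><count>314</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf>
   <reason><type>sampled_out</type></reason>
  </policy_evaluated></row></record>
</feedback>"""


def summarize(report_xml):
    """Return (published policy, message counts per evaluation outcome)."""
    root = ET.fromstring(report_xml)
    pub = root.find("policy_published")
    policy = {"p": pub.findtext("p"), "pct": int(pub.findtext("pct", "100"))}
    tally = Counter()
    for row in root.iter("row"):
        ev = row.find("policy_evaluated")
        # policy_evaluated carries the aligned results; DMARC passes if either passes.
        dmarc_pass = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        reasons = tuple(sorted(r.findtext("type") for r in ev.findall("reason")))
        key = (ev.findtext("disposition"), reasons, dmarc_pass)
        tally[key] += int(row.findtext("count"))
    return policy, tally


def sampled_out_failures(tally):
    """Messages that failed DMARC yet escaped the published policy via pct."""
    return sum(n for (_, reasons, ok), n in tally.items()
               if "sampled_out" in reasons and not ok)


if __name__ == "__main__":
    policy, tally = summarize(SAMPLE_REPORT)
    print("published:", policy)
    for (disp, reasons, ok), n in sorted(tally.items()):
        print(f"{n:5d}  disposition={disp}  dmarc_pass={ok}  override={reasons or '-'}")
    print("failed but sampled out:", sampled_out_failures(tally))
```

Aggregate reports arrive from outside parties, so for reports pulled from a mailbox a hardened parser such as `defusedxml` is the safer choice than the standard-library parser used here.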