ietf

Re: Last Call: <draft-ietf-marf-spf-reporting-08.txt> (SPF Authentication Failure Reporting using the Abuse Report Format) to Proposed Standard

2012-03-02 18:55:19
On Friday, March 02, 2012 06:28:32 PM Murray S. Kucherawy wrote:
-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Scott Kitterman
Sent: Friday, March 02, 2012 9:19 AM
To: ietf(_at_)ietf(_dot_)org
Subject: Re: Last Call: <draft-ietf-marf-spf-reporting-08.txt> (SPF
Authentication Failure Reporting using the Abuse Report Format) to
Proposed Standard

   "The HELO/EHLO command SHOULD also be selected so that it
    will pass [SPF] HELO checks."

I could not understand what to do about the above recommendation.
FWIW, the command is specified in RFC 5321.  That specification is
not referenced by this draft.

Yes, that needs to be clarified, the reference added, and the typo in
the section title needs correction.

I agree I should add the reference to 5321.  Is informative sufficient
(I don't think any detailed understanding of Mail From or EHLO/HELO is
necessary to implement this spec)?

I can see the construction is awkward, but I'm not sure how to make it
better. I'd appreciate suggestions.

I suggest:

OLD:
   In addition to the advice in security considerations of
   [I-D.IETF-MARF-AS] the additional consderations apply to [SPF] auth
   failure reports.  If the MAIL FROM command is not the NULL return
   address, i.e., "MAIL FROM:<>", then the selected MAIL FROM address
   MUST pass [SPF] MAIL FROM checks on receipt.  The HELO/EHLO command
   SHOULD also be selected so that it will pass [SPF] HELO checks.

NEW:
      In addition to the advice in the Security Considerations section of
      [I-D.IETF-MARF-AS], these additional considerations apply to
      generation of [SPF] authentication failure reports:

      o If the return address to be used will not be the NULL return
        address, i.e., "MAIL FROM:<>", then the selected return address
        MUST be selected such that it will pass [SPF] MAIL FROM checks
        upon initial receipt.

      o If the report is passed to the Mail Submission Agent (MSA)
        using [SMTP], the HELO/EHLO command parameter SHOULD also be
        selected so that it will pass [SPF] HELO checks.

If needed, MSA is defined in RFC 5598, so maybe this is another argument for
adding it as an informative reference and changing to use ADMD as discussed
in the other thread.

Thanks.  Done (including replacing domain owner) in my local copy.

Scott K
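
A pre-send check for the two identities covered by the proposed text above, as an added example that is not part of the original message or the draft. It assumes a constructed record table (SPF_RECORDS) in place of DNS, hypothetical function names, and records that use only the ip4, ip6 and all mechanisms.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS lookups (example names and
# documentation-range addresses; nothing here comes from the draft).
SPF_RECORDS = {
    "reports.example.net": "v=spf1 ip4:192.0.2.0/24 -all",
    "mta1.example.net": "v=spf1 ip4:192.0.2.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain):
    """SPF result for ip against domain; handles only ip4, ip6 and all."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise ValueError(f"mechanism {name!r} is outside this example")
        net = ipaddress.ip_network(arg, strict=False)
        if addr.version == net.version and addr in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def report_identities_ok(sending_ip, helo_name, return_path):
    """Return (must_ok, should_ok) for a failure report about to be sent.

    must_ok:   a non-null return address passes the MAIL FROM check.
    should_ok: the HELO/EHLO parameter passes the HELO check.
    """
    should_ok = check_host(sending_ip, helo_name) == "pass"
    if return_path == "":
        # Null return address ("MAIL FROM:<>"): the MUST does not apply, and
        # SPF then evaluates postmaster@<HELO name>, so only HELO matters.
        return True, should_ok
    domain = return_path.rpartition("@")[2]
    return check_host(sending_ip, domain) == "pass", should_ok
```
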