As part of our BCP efforts, we want to determine which areas we should
pursue, and how to proceed in them. Below is a copy of a message from
the old BCP list outlining some of the areas we can be looking into. We
are seeking comments from list members about this, and will consider
creating subgroups to pursue specific efforts.
Sincerely,
Yakov Shafranovich
Co-Chair, ASRG
----------------------------------------------------------------------------------------
Date: Sun, 30 Nov 2003 16:47:36 -0500
From: Philip Miller
To: ASRG-BCP Mailing List
In light of the recent discussions on the list involving how a recipient MTA
should respond to the current practices of senders, I thought we should try
to assemble a list of everyone whose practices we might make recommendations
for.
Here's my first cut at such a list:
1. Message originators - human users, automated software
{developers,administrators} (order confimation/receipt systems)
2. Message originating system {administrators,developers} - the MTA which
the originators connect to. Normally, this is a corporate or ISP MTA. In
this role, an MTA is moving a message from submission to transport.
3. Relaying MTA {administrators,developers}
4. Recipient MTA {administrators,developers}
5. Final recipients - human users, automated software {admins,devs}
6. MUA Authors
7. Support personnel (corporate IT/help desk, ISP installers, etc.)
8. Message examination software {devs,admins} - Spam filters, virus scanners
9. Mailing list software - developers, admins, subscribers, users
I expect that I've missed a few here.
Once we have a relatively comprehensive list, we should assemble all of the
'common sense' best practices that have been somewhat implicit in
discussions on this list, but may not be eminently apparent to any random
person. We can collect them for draft publication, but we should probably
evaluate them first in light of their effect.
One practice that is assumed but rarely explicitly stated is strictly
following the relevant standards and pushing users to do the same. For
example, the Postfix documentation recommends using a domain name in the
$myorigin configuration setting (used as its outgoing HELO/EHLO argument),
but it doesn't make it clear that there are relevant standards that have
place requirements on the contents of this field. It's quite possible to
place random garbage here instead of an FQDN, and I don't think Postfix even
prints a warning if one does.
Philip Miller
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Some lies are easier to believe than the truth" (Dune)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg