ietf-mxcomp

TECH-OMISSION: failure action is too restrictive in -core

2004-08-23 16:14:38

In section 5.3, this specification assumes all SPF checking will be done
at SMTP time, which is not realistic.  Some examples: some
implementations may retest a message later, either to verify Sender-ID
results, because the load was too high when the message was received,
or because the SPF checking was done after SMTP (SpamAssassin).

This section should also leave open other authentication methods such as
POP before SMTP, SMTP AUTH, etc.

In addition, when done at SMTP time, other actions may be desirable on
the MTA such as a temp fail, throttling, teergrubing, etc.

I recommend changing the paragraph to read:

   An SMTP server receiving this result SHOULD NOT treat the message as
   authentic.  However, it MAY treat the message as authentic or not
   authentic based on other authentication methods.  If the message is
   rejected during the SMTP session, the SMTP server SHOULD reject the
   message with a "550 5.7.1 Sender ID xxx - yyy" SMTP error, where
   "xxx" is replaced with the additional reason returned by the
   check_host function and "yyy" is replaced with the explanation string
   returned by the check_host function.

Section 5.5 has the same assumptions, but because "MAY" is used there,
it's not an issue for implementors.

-- 
Daniel Quinlan
http://www.pathname.com/~quinlan/
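
The fail handling proposed in the message above, sketched as an added example; it is not part of the original post, the draft, or any Sender ID implementation. The function names, the 200-character cap and the sample strings are assumptions. The explanation string is published in DNS by the domain being checked, so the sketch treats it as untrusted before placing it on the reply line.

```python
import re

# Hypothetical helper names; not taken from the draft or from any MTA.
MAX_FIELD = 200  # constructed cap so the whole reply stays under SMTP's 512-octet line limit


def sanitize(text):
    """Make check_host output safe to place on a single SMTP reply line.

    Replace CR, LF, other control characters and non-ASCII with a space,
    collapse runs of spaces, then truncate.
    """
    cleaned = re.sub(r"[^\x20-\x7e]", " ", text)
    return re.sub(r" {2,}", " ", cleaned).strip()[:MAX_FIELD]


def fail_action(reason, explanation, other_auth=None, in_smtp_session=True):
    """Decide what to do with a check_host "fail" result.

    Returns (verdict, smtp_reply); smtp_reply is None when nothing is sent.
    other_auth: name of another method that authenticated the sender
                (e.g. "SMTP AUTH", "POP before SMTP"), or None.
    in_smtp_session: False when the check runs after SMTP, e.g. in a
                     content filter, where a 550 can no longer be issued.
    """
    if other_auth:
        # MAY treat the message as authentic based on other methods.
        return ("authentic", None)
    if not in_smtp_session:
        # SHOULD NOT treat as authentic, but there is no session to reject in.
        return ("not-authentic", None)
    reply = "550 5.7.1 Sender ID %s - %s" % (sanitize(reason), sanitize(explanation))
    return ("not-authentic", reply)


if __name__ == "__main__":
    # Constructed sample values, including an explanation containing CRLF.
    print(fail_action("Not Permitted", "See http://example.com/why\r\nsecond line"))
    print(fail_action("Not Permitted", "ignored", other_auth="SMTP AUTH"))
    print(fail_action("Not Permitted", "ignored", in_smtp_session=False))
```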

