ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

TECH-OMMISSION: Time Phasing Rules For Records Not Included In Core and Protocol (was RE: PRA Patent: License for Display in MUAs?)

2004-09-03 13:00:06
from [Scott Kitterman] [Permanent Link] 


-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Jim Lyon
Sent: Friday, September 03, 2004 12:57 PM
To: Arnt Gulbrandsen
Cc: Michael R. Brumm; william(at)elan.net; IETF MARID WG
Subject: RE: PRA Patent: License for Display in MUAs?



On Friday, September 03, 2004 at 9:46 AM, Arnt Gulbrandsen wrote:

What happens if a message is sent on Saturday, the sender publishes a
new policy on Sunday, and the recipient's MUA attempts to verify the
message on Monday?


If I recall correctly, in the original CallerID spec:

1. If you're retiring use of an MTA, your record should continue
   to reference it for at least 28 days after it last sent outgoing
   mail.  and

2. An MUA must not attempt to validate messages received by their
   org more than 28 days ago.


-- Jim Lyon


Then we need to add those rules to the Sender-ID RFCs or prohibit MUA level
Sender-ID validation.

Recommend we add to core, page 8, paragraph 7.5:

   If an MUA is going to accomplish Sender-ID validation, the MUA
   MUST NOT attempt to validate messages received by their
   organization more than 28 days ago.

Recommend we add to protocol, page 24, a new paragraph 6.3:

6.3  Record Maintenance Time Requirements

   When sender policies change, it is important that old mechanisms
   not be remove prematurely.  Temporary errors between MTAs can
   legitimately delay mail delivery for several days.  Sender-ID
   validation by receiving MUAs may occur as much as 28 days after
   the message has been successfully received, see [CORE].

   Obsolete mechanisms SHOULD NOT be removed from permitted sender
   records until at least 32 days after the last legitimate use of
   the mail sender defined by that mechanism.  Earlier removal
   incurs the risk that legitimate mail will fail Sender-ID checks.

I say should not rather than may not because there are no doubt reasons that
senders might want to take the risk that mail would be lost rather than
leave the obsolete mechanism in the record.  Compromise of an MTA is one
reason that comes to mind.

32 is my uneducated guess, I welcome corrections.  I think it should be 28
days plus however long should be allowed for delayed delivery due to
transient errors.

Scott Kitterman
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  DEPLOY: Rejection of Sender ID does not result in standardization of SPF Classic, Rand Wacker
Next by Date:  Re: (DEPLOY) In Support of Sender ID, Mark C. Langston
Previous by Thread:  RE: PRA Patent: License for Display in MUAs?, Jim Lyon
Next by Thread:  Re: TECH-OMMISSION: Time Phasing Rules For Records Not Included In Core and Protocol (was RE: PRA Patent: License for Display in MUAs?), Mark Lentczner
Indexes:  [Date] [Thread] [Top] [All Lists]