ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: A new SMTP "3821" [Re: FTC stuff...........]

2004-12-08 13:57:16
from [Matthew Elvey] [Permanent Link] 

You had claimed:


The point is in order to accomplish this, the CSV (and others) state



machine must be based on a delay design mechanism.
This is totally false, and is not supported at all by your 15K post, which I have slogged through.
I am familiar with your claim that one MUST wait 'till RCPT TO: to do any validation. It's a false claim. 

Certainly doing so might be more efficient. That's not a false claim.



Re. Mixed policies discussion:
1)It's CSV, not CVS. 2)What part of
This is out of scope for CSV. IIRC, you've produced a doc that addresses this scope (or "presumes to", to use your own words) for a certain set of policies; it could could be revised to encompass CSV. CSV does not purport to do the coupling you claim it does not do properly. 

do you not understand?
We are in what's called 'violent agreement'. We AGREE: CSV must be considered in the reality of mixed policies. CSV *ITSELF* does not do so, however. We AGREE: doing the checks that are least costly first (which MAY mean delaying validation) is a good idea! 

In terms of the specific mixed policy issues you raised:
One only trusts Accredidation and Reputation services that one feels are Reputable! If the USA's DMA runs such a service, I doubt many folks will trust it! 


Should ELVEY.COM get blacklisted? or should a report be sent?
IMO, a blacklist that blacklists based on a delivery attempt *without having seen the content of the email, and therefore having no good way to know whether it was UBE* should not be trusted; there are legitimate reasons for CBV failures, IMO. So IMO, no. But again, let me re-emphasise, this is not part of the CSV protocol, and does not belong in it. It probably belongs in a BCP around usage. If a Accredidation and Reputation services maintainer feels that there are no legitimate reasons for CBV failures, ever, then Yes, the maintainer should ding elvey.com in the scenario you describe. I believe there is consensus among abuse desks that email abuse reports that don't include the header and body of the email are unlikely to be given much, if any weight.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: blowback, was A new SMTP "3821" [Re: FTC stuff...........], David Woodhouse
Next by Date:  Bounce handling, Douglas Otis
Previous by Thread:  Re: A new SMTP "3821" [Re: FTC stuff...........], Hector Santos
Next by Thread:  Re: Complaint on personal attack by Matthew Elvey by Dean Anderson of av8. (fwd), Dean Anderson
Indexes:  [Date] [Thread] [Top] [All Lists]