Re: slight update to draft-macdonald-antispam-registry

2011-05-11 13:38:58

If it was to become a standard, it would be a standard set of recommendations, not a standard for enforcement, and for product-oriented implementations that are in the business of providing options and features, not subjective locked-out conclusions, it helps to have something some have a need for.

In fact, many SMTP systems are already doing this. Some results do trigger more alerts than just appending it in your general smtp.log file or session trace logs.

It's my opinion, no one needs to agree or be interested in it, that these anti-spam targeted responses can use similar alert/severity insights to what most SMTP systems already do at some level, i.e. DoS attack monitoring, or too many failed AUTH login attempts. For our system, an IP block notification is sent to all hosting services, including FTP, TELNET, NNTP, etc.

Murray S. Kucherawy wrote:
-----Original Message-----
From: owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Hector 
Sent: Wednesday, May 11, 2011 9:25 AM
To: ietf-smtp(_at_)imc(_dot_)org
Cc: ietf-smtp(_at_)imc(_dot_)org
Subject: Re: slight update to draft-macdonald-antispam-registry

For something labeled under "Anti-Spam" related, I like the idea of
building a consensus for something along the lines of an "Alert Status"
(i.e. LOW, MED, HIGH) that provides the BCP for these X.8.YYY codes:

    Code:          5.8.11
    Sample Text:   IDENTITY has been compromised
    Associated Basic Status Code: 550
    Alert Status:  HIGH, Local Operator should be notified

I mean, what will most receivers do when the receivers detect and
determine the need to issue these X.8.YYY codes?  There was a reason
for it and many of these are pretty serious where a) you don't want to
encourage a retry, thus 55x 5.8.YYY is issued and b) the local
operator may need to be notified rather than just log it.

I don't think it's a good idea to create a standard that attempts to provoke 
specific behavior in receivers (in this case, SMTP clients that receive these 
messages).  Otherwise, I can return 5.8.11 for anything that I think your 
operators should deal with right away.

It's sufficient to describe the problem in detail and let the operator decide 
what's critical and what isn't.


Hector Santos
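
Added example, not part of the original thread or the draft: a sketch of the local handling discussed above, where the side that receives an SMTP reply parses its enhanced status code and picks an alert level from its own policy table, so the remote side supplies only the code and never the severity. The policy table, function names and sample replies are assumptions constructed for illustration; 5.8.11 is the sample code quoted in the thread.

```python
import re

# SMTP reply line carrying an enhanced status code (class.subject.detail).
# "550-" continuation lines of a multi-line reply are accepted as well.
REPLY = re.compile(
    r"^(?P<basic>[245]\d\d)[ -]"
    r"(?P<cls>[245])\.(?P<subj>\d{1,3})\.(?P<det>\d{1,3})"
    r"(?:\s+(?P<text>.*))?$"
)

# Hypothetical local policy, owned by the operator of this system.
# X.8.YYY is the subject proposed in the draft under discussion.
# A detail of None matches any detail under that class and subject.
LOCAL_POLICY = {
    ("5", "8", "11"): "HIGH",
    ("5", "8", None): "MED",
    ("4", "8", None): "LOW",
}
DEFAULT_LEVEL = "LOG"  # anything not covered by policy is only logged


def parse_reply(line):
    """Return (basic, (class, subject, detail), text) or None if unparseable."""
    m = REPLY.match(line.strip())
    if m is None:
        return None
    # This example treats a class that disagrees with the basic reply
    # code's first digit as malformed rather than trusting either half.
    if m["cls"] != m["basic"][0]:
        return None
    return m["basic"], (m["cls"], m["subj"], m["det"]), m["text"] or ""


def alert_level(line, policy=LOCAL_POLICY):
    """Map a reply line to a locally chosen alert level."""
    parsed = parse_reply(line)
    if parsed is None:
        return DEFAULT_LEVEL
    cls, subj, det = parsed[1]
    # Exact code first, then the class/subject wildcard, then the default.
    return (policy.get((cls, subj, det))
            or policy.get((cls, subj, None))
            or DEFAULT_LEVEL)


if __name__ == "__main__":
    # Constructed sample replies; the first uses the text quoted in the thread.
    for sample in ("550 5.8.11 IDENTITY has been compromised",
                   "451 4.8.2 constructed temporary rejection",
                   "250 2.1.5 OK"):
        print(alert_level(sample), "<-", sample)
```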