|
Re: slight update to draft-macdonald-antispam-registry
2011-05-11 13:38:58
If was to become a standard, it would be a standard set of
recommendations, not a standard for enforcement and for product
oriented implementations who are in the business of providing options
and features, not subjective locked out conclusions, it helps to have
something some have a need for it.
In fact, many smtp systems are already doing this. Some results do
trigger more alerts than just appending it in your general smtp.log
file or session trace logs.
Its my opinion, no one needs to agree or be interested in it, that
these anti-spam targeted responses can use the similar alert/severity
insights on what is most smtp systems already do at some level, i.e.
DoS attacks monitoring, or too many failed AUTH login attempts. For
our system, an IP block notification is send to all hosting services,
include FTP, TELNET, NNTP, etc.
Murray S. Kucherawy wrote:
-----Original Message-----
From: owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Hector
Santos
Sent: Wednesday, May 11, 2011 9:25 AM
To: ietf-smtp(_at_)imc(_dot_)org
Cc: ietf-smtp(_at_)imc(_dot_)org
Subject: Re: slight update to draft-macdonald-antispam-registry
For something labeled under "Anti-Spam" related, I like the idea of
building a consensus for something along the lines of a "Alert Status"
(i.e. LOW, MED, HIGH) that provides the BCP for these X.8.YYY codes:
Code: 5.8.11
Sample Text: IDENTITY has been compromised
Associated Basic Status Code: 550
Alert Status: HIGH, Local Operator should be notified
I mean, what will most receivers do when the receivers detect and
determine the need to issues these X.8.YYY codes? There was a reason
for it and many of these are pretty serious where a) you don't want to
encourage a retry, thus 55x 5.8.YYY is issued and b) the local
operator may needs to notified rather than just log it.
I don't think it's a good idea to create a standard that attempts to provoke
specific behavior in receivers (in this case, SMTP clients that receive these
messages). Otherwise, I can return 5.8.11 for anything that I think your
operators should deal with right away.
It's sufficient to describe the problem in detail and let the operator decide
what's critical and what isn't.
--
Sincerely
Hector Santos
http://www.santronics.com
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- RE: slight update to draft-macdonald-antispam-registry, (continued)
- Re: slight update to draft-macdonald-antispam-registry, Hector Santos
- RE: slight update to draft-macdonald-antispam-registry, Murray S. Kucherawy
- Re: slight update to draft-macdonald-antispam-registry,
Hector Santos <=
- RE: slight update to draft-macdonald-antispam-registry, Murray S. Kucherawy
- Re: slight update to draft-macdonald-antispam-registry, Hector Santos
- RE: slight update to draft-macdonald-antispam-registry, Murray S. Kucherawy
- Re: slight update to draft-macdonald-antispam-registry, Hector Santos
- RE: slight update to draft-macdonald-antispam-registry, Murray S. Kucherawy
- Re: slight update to draft-macdonald-antispam-registry, Hector Santos
- Re: slight update to draft-macdonald-antispam-registry, Jeff Macdonald
- Re: slight update to draft-macdonald-antispam-registry, Rolf E. Sonneveld
- Re: slight update to draft-macdonald-antispam-registry, Keith Moore
- Re: slight update to draft-macdonald-antispam-registry, Jeff Macdonald
|
|
|