[Top] [All Lists]

Re: [ietf-smtp] [dmarc-ietf] RFC 7372 on Email Authentication Status Codes

2014-09-18 17:06:42

On 17 Sep 2014, at 22:41, <ned+dmarc(_at_)mrochek(_dot_)com> 
<ned+dmarc(_at_)mrochek(_dot_)com> wrote:


On 09/16/14 05:08, Murray S. Kucherawy wrote:

This document registers code points to allow status codes to be
returned to an email client to indicate that a message is being
rejected or deferred specifically because of email authentication

This document updates RFC 7208, since some of the code points
registered replace the ones recommended for use in that document.

I hope this is not off topic here:

(chair hat on)

It is. I've cc'ed and directed replies to the ietf-smtp list, where this sort 
of discussion belongs.

(chair hat off)

RFC 7372 proposes to use a 550 response code for reverse DNS auth
failures, see section 3.3.


Reverse DNS checks are usually done early in the connection (like IP
blocks) in the connection establishment stage of the SMTP dialog.

RFC 5321 allows only a 554 error response there, see section 4.3.2.

You're misreading RFC 5321. Nowhere does it say that its lists of possible
responses are exhaustive. So it is perfectly permissible for RFC 7372 to
specify additional possible responses as long as they fit into the overal
theory of reply codes.

It doesn’t say that (well-known) reply codes can be chosen arbitrarily in
whatever SMTP stage as long as they fit some formal schema either.

What theory of reply codes?  THE theory of reply codes goes back to FTP
conventions and the 70s which were adapted to SMTP and HTTP and
other transfer protocols.   5yz is the well-known code for a permanent negative
completion, and x5z, the category code, that meant “protocol defined” in FTP
includes “policy defined” in SMTP.

So suggesting code 550 with its semantics is perfectly okay for any SMTP
stage but CONNECT because RFC 5321 and its ancestors fortunately are pretty
clear when discussing reply codes and sequencing.

But that isn’t the point.  The question is whether SMTP clients SHOULD also
expect a “policy code” in CONNECT and MAY act accordingly, and how this
is covered by said RFC.  My concern aren’t MUAs who might wonder what
colour to select for some doesn’t-work-popup but border MTAs where
semantics and interoperability matters.  Different from the reply message, the 
code is not just informal because in the real world, semantics come with system
behaviour.  We are fighting the battle of fending off bad reputations while 
ours every day.

This sort of thing has been done many times.

Certainly, including your own RFCs for some SMTP extensions.  But they didn’t
without also discussing implications.

So, shouldn't a 554 code be used here? Or does RFC 5321 need an update?

Neither. See above.


ietf-smtp mailing list