RE: Last Call: <draft-ietf-marf-spf-reporting-08.txt> (SPF Authentication Failure Reporting using the Abuse Report Format) to Proposed Standard

2012-03-02 12:28:53
-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Scott Kitterman
Sent: Friday, March 02, 2012 9:19 AM
To: ietf(_at_)ietf(_dot_)org
Subject: Re: Last Call: <draft-ietf-marf-spf-reporting-08.txt> (SPF
Authentication Failure Reporting using the Abuse Report Format) to
Proposed Standard

   "The HELO/EHLO command SHOULD also be selected so that it
    will pass [SPF] HELO checks."

I could not understand what to do about the above recommendation.
FWIW, the command is specified in RFC 5321.  That specification is
not referenced by this draft.

Yes, that needs to be clarified, the reference added, and the typo in
the section title needs correction.

I agree I should add the reference to 5321.  Is informative sufficient
(I don't think any detailed understanding of Mail From or EHLO/HELO is
necessary to implement this spec)?

I can see the construction is awkward, but I'm not sure how to make it better.
I'd appreciate suggestions.

I suggest:

OLD:
   In addition to the advice in security considerations of
   [I-D.IETF-MARF-AS] the additional consderations apply to [SPF] auth
   failure reports.  If the MAIL FROM command is not the NULL return
   address, i.e., "MAIL FROM:<>", then the selected MAIL FROM address
   MUST pass [SPF] MAIL FROM checks on receipt.  The HELO/EHLO command
   SHOULD also be selected so that it will pass [SPF] HELO checks.

NEW:
        In addition to the advice in the Security Considerations section of
        [I-D.IETF-MARF-AS], these additional considerations apply to
        generation of [SPF] authentication failure reports:

        o If the return address to be used will not be the NULL return
          address, i.e., "MAIL FROM:<>", then the selected return address
          MUST be selected such that it will pass [SPF] MAIL FROM checks
          upon initial receipt.

        o If the report is passed to the Mail Submission Agent (MSA)
          using [SMTP], the HELO/EHLO command parameter SHOULD also be
          selected so that it will pass [SPF] HELO checks.

If needed, MSA is defined in RFC5598, so maybe this is another argument for 
adding it as an informative reference and changing to use ADMD as discussed in 
the other thread.

-MSK
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
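
Added example (not from the draft or from anyone in this thread): a pre-send check a report generator could run to see whether its chosen return address and HELO/EHLO parameter would pass SPF from its sending IP, applying the MUST and SHOULD of the proposed text. The SPF records, host names and addresses are constructed, and the evaluator handles only the ip4, ip6 and all mechanisms, so it is a reduced subset of SPF rather than a full implementation.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS (example.* names are placeholders).
SPF_RECORDS = {
    "reports.example.org": "v=spf1 ip4:192.0.2.0/28 -all",
    "mta1.example.org": "v=spf1 ip4:192.0.2.5 -all",
    "example.net": "v=spf1 ip4:198.51.100.0/24 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(ip, domain, records=SPF_RECORDS):
    """Evaluate a reduced SPF subset (ip4, ip6, all) for `ip` against `domain`."""
    record = records.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
    return "neutral"


def preflight(sending_ip, helo, mail_from, records=SPF_RECORDS):
    """Return (level, message) findings for a report's envelope before it is sent."""
    findings = []
    if mail_from:  # a NULL return address ("MAIL FROM:<>") skips this check
        domain = mail_from.rpartition("@")[2]
        result = spf_result(sending_ip, domain, records)
        if result != "pass":
            findings.append(("MUST", f"MAIL FROM {domain}: SPF {result}"))
    result = spf_result(sending_ip, helo, records)
    if result != "pass":
        findings.append(("SHOULD", f"HELO {helo}: SPF {result}"))
    return findings
```

An empty findings list means both identities pass for that sending IP; a "MUST" finding means the report would violate the proposed text if sent with that return address.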