John, Thanks for your comments. I disagree on a couple of points.
First - the overall point of this is to be able to better report on authentication headers. If you are only doing dkim then the dkim reporting is probably a better bet than this one. This is meant to be the next step for marf for reporting authentication failures in a uniformed way. For 3.2.1 delivery result - you can default to other but the preference would be to keep it as a MUST Thanks H > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > John Levine > Sent: Friday, September 30, 2011 11:58 AM > To: [email protected] > Subject: Re: [marf] Comments on draft-ietf-marf-authfailure-report-01.txt > > Sorry not to get to this sooner. This draft has problems. It's not ready to > ship. > > Sec 3.1 says a report MUST include explicit auth results for both DKIM and > SPF. Well, no. I don't check SPF, so if people are only going to accept DKIM > failure reports if they also say something about SPF, they're not going to get > any reports from me. I expect people who check SPF but not DKIM feel the > same way, particularly for the large fraction of mail that has no DKIM > signatures to check. Suggest just removing this clause, and let people report > what they're reporting. > > Original-Envelope-ID and Original-Mail-From: same issue, they're not > relevant to DKIM, and by the time I check DKIM, it's often after SMTP is over > and the envelope isn't directly available. Suggest it say they SHOULD be > included if they are available. > > Source-IP: same problem. If you don't have the source IP, just leave it out, > don't lie. (And 0.0.0.0 is totally oldthink. The value I'm not going to include is > ::.) > > Message-ID: this is just wrong, RFC 5965 does not report it. > > 3.2.1: Delivery-result: what I do with my mail is none of your business. > This field has to be optional. > > 3.3: Why just spf rather than spf-fail, spf-softfail, spf-temperror, or spf- > permerror? If you're reporting an SPF problem, you presumably know what > your SPF checker returned. > > 4: SPF-DNS. If you're going to return a snapshot of the SPF record, shouldn't > you also return all the records it included? > > R's, > John > > > > > _______________________________________________ > marf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/marf _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
