On 29.12.2011 20:05, Shmuel (Seymour J.) Metz wrote: > In <[email protected]>, on 12/29/2011 > at 01:38 PM, Alessandro Vesely <[email protected]> said: > >> * Neither the RFC nor the draft mention degrading the offending IP's >> profile at the firewall. > > I assume that you mean RFC 6449 and not RFC 5965.
Yes, RFC 6449 and draft-ietf-marf-as. For example, I have a script that bans an IP for a year, at the firewall level. I call it for intractable spammers. The script checks the IP, and if it finds SMTP listening there, it sends an ARF message there, RCPT TO: <postmaster>, telling them it is about to ban the IP. It rarely works, but sometimes sorts a visible effect. Neither of those methods are mentioned in either the RFC or the draft. >> * The RFC says replying to feedback is useless. > > I don't see that, although I do see "not necessary". Yes, the Third thing in Section 4.3 of the RFC. For unsolicited feedback, consider the first ARF messages that an MTA submits to a given consumer. MTAs should keep a database of consumers that they send feedback to. New entries in the database need to be assessed, and a reply in such cases would be useful. For example, the feedback generator could add a Reply-To field to the header of the ARF messages in case it wishes to receive an acknowledge. >> The obvious correction for an acknowledged policy contravention >> is to remove the email address of the original recipient from >> whatever storage it was retrieved from for sending the reported >> message, including mailing lists. > > I would say that the obvious for an acknowledged policy contravention > is to remove all email address that contravene the policy, not just > the one in the ARF report. Failing to do so could lead to blocking of > the sending IP or IP block. Yes, you already said so on 4 Sep, in the last paragraph of http://www.ietf.org/mail-archive/web/marf/current/msg01289.html I amended that paragraph in my working copy, by adding the sentence that you did not quote. Then I proposed it for the Security Considerations of marf-as. As there is no non-invasive established method to prove subscriptions (yet) I don't think it could make much sense to suggest to carry out such kind of check, e.g. by asking each user to reconfirm subscription. _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
