On Wednesday, January 25, 2012 12:19:02 PM Murray S. Kucherawy wrote:
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of
> > Scott Kitterman Sent: Wednesday, January 25, 2012 12:14 PM
> > To: [email protected]
> > Subject: Re: [marf] I-D Action: draft-ietf-marf-spf-reporting-03.txt
> > 
> > > It's not a DSN proper, right, but we still want to avoid the same
> > > situations that DSN has to avoid.
> > 
> > OK.  I changed it to "Similar to ..."
> 
> It seems to me that we should say the same thing here.
> 
> Here's what my working copy has:
> 
> 6.2.  Envelope Sender Selection
> 
>    In the case of transmitted reports in the form of a new message
>    (versus rejections during an [SMTP] session), it is necessary to
>    construct the message so as to avoid amplification attacks,
>    deliberate or otherwise.  The envelope sender address of the report
>    needs to be chosen so that these reports will not generate mail
>    loops.
> 
>    Per Section 2 of [DSN], the envelope sender address of the report
>    SHOULD be chosen to ensure that no delivery status reports will be
>    issued in response to the report itself, and MUST be chosen so that
>    the report will not cause a mail loop.
> 
>    Therefore, if an [SMTP] transaction is used to send a report, the
>    MAIL FROM command MUST either use the NULL return address, i.e.,
>    "MAIL FROM:<>", or one that will pass [SPF] MAIL FROM checks on
>    receipt.  The HELO/EHLO command SHOULD also be selected so that it
>    will pass [SPF] HELO checks.
> 
> Does that fit with what you and John were saying?

Speaking for myself, I think so.  It still has the Per section 2 of [DSN] 
problem.  How about this (a hybrid of what you have here and what I've got 
locally):

6.2.  Envelope Sender Selection

   In the case of transmitted reports in the form of a new message
   (versus rejections during an [SMTP] session), it is necessary to
   construct the message so as to avoid amplification attacks,
   deliberate or otherwise.  The envelope sender address of the
   report MUST be chosen so that these reports will not generate mail
   loops.  

   Similar to Section 2 of [DSN], the envelope sender address of the
   report SHOULD be chosen to ensure that no feedback reports will be
   issued in response to the report itself.

   When an [SMTP] transaction is used to send a report, the
   MAIL FROM command MUST either use the NULL return address, i.e.,
   "MAIL FROM:<>", or one that will pass [SPF] MAIL FROM checks on
   receipt.  The HELO/EHLO command SHOULD also be selected so that it
   will pass [SPF] HELO checks.

Scott K
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
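
The envelope sender rules discussed in this thread, as an added example that is not from the draft or from either author. The function names, the `spf_passing_sender` parameter and the sample messages are hypothetical, and suppressing reports for null-sender mail and for incoming feedback reports is an assumed loop guard on the report generator's side.

```python
from email import message_from_string

def is_feedback_report(msg):
    """True when msg is multipart/report with report-type=feedback-report."""
    rtype = msg.get_param("report-type") or ""
    return (msg.get_content_type() == "multipart/report"
            and rtype.lower() == "feedback-report")

def should_report(envelope_from, raw_message):
    """Assumed loop guard: no report for null-sender mail or for a report."""
    if envelope_from.strip() in ("", "<>"):
        return False
    return not is_feedback_report(message_from_string(raw_message))

def mail_from_command(spf_passing_sender=None):
    """Use the null return address unless the operator supplies an address
    whose domain authorizes the sending host in SPF (hypothetical parameter;
    this function does not evaluate SPF itself)."""
    return "MAIL FROM:<%s>" % (spf_passing_sender or "")

# Constructed sample messages (not real traffic).
ORDINARY = "From: a@sender.example\nSubject: hello\n\nbody\n"
REPORT = (
    "From: reports@reporter.example\n"
    'Content-Type: multipart/report; report-type=feedback-report; boundary="b1"\n'
    "\n--b1\nContent-Type: text/plain\n\nSPF failure report\n--b1--\n"
)

if __name__ == "__main__":
    cases = (("a@sender.example", ORDINARY),
             ("", ORDINARY),
             ("reports@reporter.example", REPORT))
    for sender, raw in cases:
        print(repr(sender), should_report(sender, raw))
    print(mail_from_command())
```

With the null return address, an SPF verifier has no MAIL FROM domain to check and falls back to the HELO identity, which is why the HELO/EHLO name matters for reports sent this way.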
