On 02/Feb/12 19:16, Murray S. Kucherawy wrote:
>> From: ietf.org On Behalf Of Alessandro Vesely
>
>> I propose we encourage getting acknowledgments and recording them
>> along with per-domain reporting history. Report generators
>> should use VERP, and suspend reporting to rejecting domains for
>> an amount of time inversely proportional to the confidence,
>> e.g.:
>>
>> 0.5T for an acknowledged domain,
>> T for a first-time first-failure,
>> 2T,
>> 4T,
>> ... ,
>> one year for dorks.
>>
>> where T is the TTL of the relevant _report's RR if retrieved with the
>> AA flag, or some other time constant either agreed with the domain or
>> set by default.
>
> And you think this would improve [Section 11.5 of marf-as-06] rather
> than complicating it? Personally, I'm satisfied that the last
> paragraph of what we have in that section is adequate to introduce
> the idea. Developing and recommending a detailed tracking system
> design seems like overkill here. If someone wants to do such a
> thing, it would certainly be valid, but I think suggesting that
> such a thing might be necessary could become a barrier to
> adoption.
VERP should be quite straightforward to implement, given that it's
been around for decades.
What to do on delivery failures is part of using VERP, of course.
Per-domain DBs may look more like greylisting whitelists than
subscriber lists. They are needed anyway to implement paragraph 6 of
Section 8 ("MUST provide a way for a report recipient to request no
further reports be sent to that address") unless that gets limited to
heuristically inferred addresses.
Ideas?
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
