Hi Rolf, ARFs are not typically sent in place of delivery of a message, such as is the case when a virus scanner rejects a message. ARF is normally generated in response to a user action post-delivery.
For the case of DKIM and SPF reports, rejection on failure is actually improper most of the time (the exceptions being ADSP and SPF "-all", both of which are currently discouraged). What I'm trying to avoid is accumulating a list of informative references describing what ARF is not. It seems to me that it's far less confusing for unfamiliar readers just to say what ARF is, and stop. That said, if there's consensus to include it, we can add it. -MSK From: Rolf E. Sonneveld [mailto:[email protected]] Sent: Tuesday, February 07, 2012 3:33 PM To: Murray S. Kucherawy Cc: [email protected] Subject: Re: [marf] Automatic Responses, was VERP On 2/7/12 8:24 PM, Murray S. Kucherawy wrote: -----Original Message----- From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Alessandro Vesely Sent: Tuesday, February 07, 2012 10:35 AM To: [email protected]<mailto:[email protected]> Subject: [marf] Automatic Responses, was VERP RFC3834 appears to be about how to write auto-responders like vacation services. In fact Section 3.2.1 suggests that there are cases where not using it is the right thing to do (DSNs, for example), and I think ARF is one of those cases. I think we ought to write that on the spec, otherwise it will be debatable forever. Report generators are not automatic responders in the sense of Section 3.2.1 of [RFC3834] would work for me. Does anyone else think this is necessary? I don't think RFC3834 covers what we're doing here at all, so I don't think we need to be concerned about possible debate on the topic. Hmm. RFC3834 identifies three classes of responders, among which Group Responders: - "Group Responders" exist to make automatic responses on behalf of any of a significant set of recipient addresses (say, every recipient in a particular DNS domain), in advance of, or in lieu of, a response from the actual recipient. Group Responders are similar to Personal Responders except that in the case of a Group Responder the criteria for responding are not set on a per- recipient basis. A "virus scanner" program that filtered all mail sent to any recipient on a particular server, and sent responses when a message was rejected or delivered in an altered form, might be an example of a Group Responder. This sounds a bit like the type of feedback we're talking about in the context of ARF (and DMARC for example). And as some of the topics, discussed in RFC3834, might be discussed also for ARF (loop prevention etc.) I'm not sure RFC3834 can completely be ignored. If however we all agree that RFC3834 has no relationship to ARF, then let's explicitly mention this, as Alessandro proposed. /rolf
_______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
