On Wednesday, February 08, 2012 08:59:39 PM Murray S. Kucherawy wrote: > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On Behalf Of > > Scott Kitterman Sent: Wednesday, February 08, 2012 8:03 PM > > To: [email protected] > > Subject: Re: [marf] I-D Action: draft-ietf-marf-as-07.txt > > > > 6.5. A report generator MUST NOT send abuse reports to the Mail From > > domain if the message has an SPF result other than Pass, None, or > > Neutral. > > That sounds a little like establishing an SPF requirement on use of ARF. > How about: > > If a report generator applies [SPF] to arriving messages, and an arriving > message's SPF evaluation produced something other than a Pass, None or > Neutral result, a report SHOULD NOT be generated. > > ...and add similar not-on-failure advice to the DKIM text as well. > > ?
I'm generally OK with this, but I think it should be MUST NOT vice SHOULD NOT. In this case you know that sending an ARF to the domain that was spoofed is non-actionable. All it's going to get is return complaints, your mail blackholed, or abuse reports against the sending domain. The reports are known pointless and will do only harm. It's different for auth failure reports where the receiver has said they want such reports. Scott K _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
