On Monday, February 13, 2012 03:43:11 PM John Levine wrote:
> >The diff is here: http://www.blackops.org/~msk/marf-as.html
>
> Steve and I went through and took out stuff that looks too much like
> an implementor's guide rather than an applicability statement. In
> particular, we tried to stick to what to accomplish, not how to do it.
>
> There's nothing wrong with writing a DKIM or SPF reporting cookbook,
> but this isn't it.
OK. Now that I've read the relevant standard, I'm more convinced than ever
this proposed change is a step in the wrong direction. The first section of
RFC 2026, paragraph 3.2 says:
An Applicability Statement specifies how, and under what
circumstances, one or more TSs may be applied to support a particular
Internet capability. An AS may specify uses for TSs that are not
Internet Standards, as discussed in Section 7.
If you look at the old paragraph 8.6 of the AS draft, it says:
6. Similarly, if a report generator applies SPF to arriving
messages, and that evaluation produced something other than a
"Pass", "None" or "Neutral" result, a report addressed to the
RFC5321.MailFrom domain SHOULD NOT be generated as it is
probably a forgery and thus not actionable. A valid exception
would be specific knowledge that the SPF result is not
definitive for that domain under those circumstances (e.g., a
message that is also DKIM-signed by the same domain, and that
signature validates).
To me that reads exactly like a statement about how and under what
circumstances one or more technical standards (ARF, DKIM, SPF) may be applied
to support a particular internet capability (unsolicitited automatic abuse
reports).
A DKIM or SPF "cookbook" would describe how to determine the SPF result. This
just says what to do with them. It seems exactly right to me.
Scott K
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
