On Apr 19, 2012, at 5:08 PM, Murray S. Kucherawy wrote:

> I'm not sure that [LOG] *as applied to email* has value in the real world.
> Sure, a mix of spam and legitimate mail might leak out from a NAT, but the
> fix for that is to not allow port 25 outbound from the NAT and route it to a
> smarthost (where it can be filtered, throttled and have correct Received
> headers to identify the user added) instead.
>
> It's reasonably harmless to add this information to ARF reports, but to
> standardize it implies that allowing outbound port 25 from a carrier-grade
> NAT is acceptable practice, which goes against the "don't let end-users or
> dynamically assigned users send mail directly to receiver MXes" and "don't
> allow port 25 through a NAT" principles we've been pushing for a while.
>
> [MSK: I don’t think publishing this extension amounts to an endorsement of
> allowing outbound port 25 from within a CGN. Why is ARF the right place to
> make that stand? For cases where such is allowed, the data exchange is
> desired. Preventing ARF from doing it won’t change ISP policies.]

I think it's reasonably harmless to document how to do it in ARF. I don't think it will be of any value to report recipients or senders (for the reasons above) but that's no reason not to standardize it.

> What about ident?
>
> [MSK: Does anyone still use that?]
>
> Sure. I'm not suggesting people use it, but this proposal is a less reliable,
> less privacy-friendly, replacement for ident so I thought I'd at least
> mention it.
>
> [MSK: I don’t think ident has enough current support to make it a viable
> alternative.

I tend to agree - but this is such a direct replacement for ident I thought I'd mention it.

> How is adding ports to ARF reports a privacy concern?]

It's not. The privacy issue is in [LOG], not here.

Cheers,
  Steve
