On Friday, March 02, 2012 06:28:32 PM Murray S. Kucherawy wrote: > > -----Original Message----- > > From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On Behalf Of > > Scott Kitterman Sent: Friday, March 02, 2012 9:19 AM > > To: ietf@xxxxxxxx > > Subject: Re: Last Call: <draft-ietf-marf-spf-reporting-08.txt> (SPF > > Authentication Failure Reporting using the Abuse Report Format) to > > Proposed Standard > > > > > > "The HELO/EHLO command SHOULD also be selected so that it > > > > > > > > will pass [SPF] HELO checks." > > > > > > > > I could not understand what to do about the above > > > > recommendation. > > > > FWIW, the command is specified in RFC 5321. That specification > > > > is > > > > not referenced by this draft. > > > > > > Yes, that needs to be clarified, the reference added, and the typo > > > in > > > the section title needs correction. > > > > I agree I should add the reference to 5321. Is informative sufficient > > (I don't think any detailed understand of Mail From or EHLO/HELO is > > necessary to implement this spec). > > > > I can see the construction is awkward, but I'm not sure how to make it > > better. I'd appreciate suggestions. > > I suggest: > > OLD: > In addition to the advice in security considerations of > [I-D.IETF-MARF-AS] the additional consderations apply to [SPF] auth > failure reports. If the MAIL FROM command is not the NULL return > address, i.e., "MAIL FROM:<>", then the selected MAIL FROM address > MUST pass [SPF] MAIL FROM checks on receipt. The HELO/EHLO command > SHOULD also be selected so that it will pass [SPF] HELO checks. > > NEW: > In addition to the advice in the Security Considerations section of > [I-D.IETF-MARF-AS], these additional considerations apply to > generation of [SPF] authentication failure reports: > > o If the return address to be used will not be the NULL return > address, i.e., "MAIL FROM:<>", then the selected return address > MUST be selected such that it will pass [SPF] MAIL FROM checks > upon initial receipt. > > o If the report is passed to the Mail Submission Agent (MSA) > using [SMTP], the HELO/EHLO command parameter SHOULD also be > selected so that it will pass [SPF] HELO checks. > > If needed, MSA is defined in RFC5598, so maybe this is another argument for > adding it as an informative reference and changing to use ADMD as discussed > in the other thread. Thanks. Done (including replacing domain owner) in my local copy. Scott K _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf