| Hi John
Thanks for taking the time to ask these questions and I hope my answers do not discourage you from continuing to ask such questions as it is important that my decisions, even operational ones. are not considered sacrosanct. Alissa has answered the more general question of authority and background here, but to answer your specific questions:
Jay, Three questions: * Did you review and understand the extensive discussion that has occurred on the ietf-smtp@xxxxxxxx since the beginning of the month or just the (relatively few) comments on this IETF list?
No. First, I don’t believe it is possible for me to monitor every IETF list that may impact operational management of our services. Second, having been pointed to an extensive technical discussion I don’t believe it is my place to attempt to understand it and draw my own technical conclusions. If there were a specific list or group the exists for discussion on matters of operational guidance then I would of course monitor that, but there isn’t and so I think it is entirely reasonable for me to base my call on the messages to this IETF list. * Did you consider the issues associated with the possibility of
IETF servers being out of conformance, whether clearly or
marginally, with IETF standards and the implications if that
were the case?
That is not my job to do, that is for the community to make a call on, both in terms of what is conformance and what is not conformance, and what is the implication of that.
* Is the answer to the question of where the Secretariat will
get guidance and instructions on technical issues going forward
that it will come from you and your assessments of those issues
and community consensus about them?
As I hope is clear from above I am not assessing the issues. Alissa has explained the history of community guidance being provided, which we have followed for 10+ years and the IESG spam control principles, which we are compliant with. The decision on consensus is therefore "is there consensus to overturn this long-standing practice?", which clearly there is not. In other circumstances, such as if the call were the other way around (i.e. is there consensus to do X) then a different mechanism or approach could well be required, such as the lengthy consultation on the revised privacy statement.
kind regards Jay thanks, john --On Tuesday, December 17, 2019 10:46 +1300 Jay Daley < jay@xxxxxxxx> wrote: Hi
While there is not unanimous consensus, I think the mood is
clearly to leave this as an operational decision. In which
case, taking into account the following recommendation ...
On 17/12/2019, at 5:18 AM, Nick Hilliard <nick@xxxxxxxxxx>
wrote:
Glen wrote on 16/12/2019 16:11:
/^[0-9.]+$/ 550 RFC2821 violation
/^\[[0-9.]+\]$/ 550 RFC2821 violation
In just seconds, I can easily change the messages, or remove
the rules, either with complete ease.
s/RFC2821 violation/policy violation/
… and the following technical comment …
On 17/12/2019, at 6:04 AM, Viktor Dukhovni
<ietf-dane@xxxxxxxxxxxx> wrote:
On Mon, Dec 16, 2019 at 08:11:11AM -0800, Glen wrote:
There is a configuration file, with two lines in it:
/^[0-9.]+$/ 550 RFC2821 violation
/^\[[0-9.]+\]$/ 550 RFC2821 violation
While the patterns look similar, the first one rejects
non-compliant "EHLO 192.0.2.1" and similar dotted quads (or
more generally some mixture of digits and dots), the second
rejects RFC-compliant address literals. So at least the
second message should probably be different, if the rule is
retained.
… the following has now changed from
/^[0-9.]+$/ 550 RFC2821 violation
/^\[[0-9.]+\]$/ 550 RFC2821 violation
to
/^[0-9.]+$/ 550 RFC2821 violation
/^\[[0-9.]+\]$/ 550 Policy violation
As to the question of data, we cannot say for certain that the
rejected messages were all spam, but we have only received one
complaint in 10 years and so we can reasonably assume this
rule has not caused problems that need to be addressed.
Please let me know if you have any questions, comments or
recommendations.
kind regards
Jay
|
