Re: [apps-discuss] I-D Action: draft-ietf-appsawg-greylisting-01.txt

"Murray S. Kucherawy" <> Fri, 20 January 2012 19:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A643321F869E for <>; Fri, 20 Jan 2012 11:16:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.585
X-Spam-Status: No, score=-102.585 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jTudqqxIud51 for <>; Fri, 20 Jan 2012 11:16:08 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 2A63E21F869C for <>; Fri, 20 Jan 2012 11:16:08 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.1.355.2; Fri, 20 Jan 2012 11:16:07 -0800
Received: from ([]) by ([]) with mapi; Fri, 20 Jan 2012 11:16:07 -0800
From: "Murray S. Kucherawy" <>
To: "Paul E. Jones" <>
Date: Fri, 20 Jan 2012 11:16:06 -0800
Thread-Topic: [apps-discuss] I-D Action: draft-ietf-appsawg-greylisting-01.txt
Thread-Index: AQGBk2W8BNUlxQseu0YFp/ty1I18TpasEHSAgAAVtrA=
Message-ID: <>
References: <> <02e501ccd7a5$05a0c620$10e25260$>
In-Reply-To: <02e501ccd7a5$05a0c620$10e25260$>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>
Subject: Re: [apps-discuss] I-D Action: draft-ietf-appsawg-greylisting-01.txt
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 20 Jan 2012 19:16:08 -0000

Hi Paul,

> -----Original Message-----
> From: Paul E. Jones []
> Sent: Friday, January 20, 2012 10:55 AM
> To: Murray S. Kucherawy
> Cc:
> Subject: RE: [apps-discuss] I-D Action: draft-ietf-appsawg-greylisting-01.txt
> Mark,

Who?  ;-)

> I think it's useful to document greylisting for information purposes,
> but do we want to make it a BCP?  The reason I ask is that longer-term,
> I would think we'd want to recommend policy-oriented solutions (e.g., SPF or DKIM).
> If policies were strictly enforced and properly implemented, machines
> controlled by bots would not get past the policy enforcement.
> I also question whether greylisting would be effective long-term.  I
> actually have seen some machines re-send email.  You are right that
> many just "fire and forget", but that would change if required.  So,
> elevating greylisting to BCP might just force a change in spammer
> tactics, thus rendering greylisting completely ineffective.
> The reason I am supportive of documenting as informational is that
> servers should consider such implementations and that it has utility
> today.  But, calling it a "best" practice seems to be a bit much.  It's
> a practice driven out of necessity, mainly because we do not have all
> of the kinks worked out of policy-based solutions.

The original (and current) plan is to include some consensus recommended practices in terms of greylisting.  If the Working Group decides it wants to stop short of making any recommendations, then changing to Informational is entirely appropriate.  I don't have a particular preference.

The -01 version of this draft fills out the definitions of each kind of greylisting we know of and presents some background (thanks to John Levine for the text there), but I didn't fill out the recommendations section because we haven't talked about what we would like to say in there yet.

There is a small team of people within MAAWG that want to make some recommendations about greylisting, so the output of that work might be useful here.  They meet in about a month, so I'll report back after that, and we can figure out what to do next.