[apps-discuss] Comments on draft-ietf-appsawg-greylisting-03
SM <sm@resistor.net> Thu, 16 February 2012 05:46 UTC
Return-Path: <sm@resistor.net>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6130921F8507 for <apps-discuss@ietfa.amsl.com>; Wed, 15 Feb 2012 21:46:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.633
X-Spam-Level:
X-Spam-Status: No, score=-102.633 tagged_above=-999 required=5 tests=[AWL=-0.034, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rhN8+Rule9vb for <apps-discuss@ietfa.amsl.com>; Wed, 15 Feb 2012 21:46:39 -0800 (PST)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5580E21F84F3 for <apps-discuss@ietf.org>; Wed, 15 Feb 2012 21:46:29 -0800 (PST)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id q1G5kBWB008573 for <apps-discuss@ietf.org>; Wed, 15 Feb 2012 21:46:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1329371176; i=@resistor.net; bh=hKiC3Br+PCtrKYgKjciw+fMx2HSnnIhN6dq9IhHn+BI=; h=Message-Id:Date:To:From:Subject:Mime-Version:Content-Type:Cc; b=RuhL5cedr7cnRyjy4knt3iTgHW15Bj7QI32uvRsH86IuwBKRbgdhbFak8NB55rnUW TuY7quQwnaT2cptZtnrrCHH91bvFVd+CZUYVc+xqsBkmQZC1AWqQ6otwbPTLLuLGw9 FTZWhvF+9p9xiC0TGjJ44NEFP+sgTEVd1Pg8yA6o=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1329371176; i=@resistor.net; bh=hKiC3Br+PCtrKYgKjciw+fMx2HSnnIhN6dq9IhHn+BI=; h=Message-Id:Date:To:From:Subject:Mime-Version:Content-Type:Cc; b=wj4WfzyTC2a1wMkp4mNJYBcgBG3O4vgYcr4AsRmMZ2vP3VVKl+Vd15WzPkaMDtCHi ikBgahk6+WcqkU+6Zn69/4uV7nkOa0Rp+TdXgeNYQ/+Z/9gNVe7dgiK7NP9x1BR6QP B2Mhfr+KnIVFTaGSFFy+Wxrl8WrqnwrG9+IIbuFI=
Message-Id: <6.2.5.6.2.20120215194417.098a0438@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Wed, 15 Feb 2012 21:30:14 -0800
To: apps-discuss@ietf.org
From: SM <sm@resistor.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Subject: [apps-discuss] Comments on draft-ietf-appsawg-greylisting-03
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 05:46:59 -0000
Hi Murray,
Here are some comments on draft-ietf-appsawg-greylisting-03. The
title of the document is "An Applicability Statement for SMTP". If
we ignore that greylisting is a antispam technique that reuses one of
the properties of SMTP, that might be appropriate.
In Section 1:
'Preferred techniques for handling email abuse explicitly identify
good actors and bad actors, giving each significantly differential
service. In some cases an actor does not have a known reputation;
this can justify providing degraded service, until there is a basis
for provider better service. This latter approach known as
"greylisting".'
The last sentence seems incomplete. The above is one way to look at
greylisting. Another way would be to describe the SMTP angle which
is to relying on SMTP retries to "reject" mail delivery on the first
try if the SMTP client is not known to the SMTP server. That is
mentioned in Section 1.1. I suggest having the Background Section first.
'Greylisting exploits this by rejecting mail from unfamiliar
sources with a "soft fail" (4xx) [SMTP] error code'
"soft fail" is an euphemism of Section 4.2.1 of RFC 5321.
:-) maemuki ni kento sasete itadakimasu.
'Another, less well-developed, application of greylisting is
to delay mail from newly seen IP addresses on the theory that, if
it's a spam source, then by the time it retries, it will appear in a
list of sources to be filtered, and the mail will not be accepted.'
This is actually one of the first and well-developed application of
greylisting (see
http://projects.puremagic.com/greylisting/whitepaper.html ). I
recommend adding a reference to the paper as the author proposed the technique.
Section 2.l is titled "Connection-level greylisting". This technique
is used by a well-known provider. It makes debugging difficult as
421 is a forced shutdown when the SMTP service is unavailable.
Section 2.4 mentions "the return email address" for the tuple. RFC
5321 uses the term "reverse-path". BTW, instead of "other
recipients", you could use "recipients".
I don't know about the effects of "greylisting" in response to
DATA. In Section 2.5, the dot could be referred to as the end of
mail data indicator.
In Section 3:
"The most obvious benefit with any of the above techniques is that
spamware does not retry, and is therefore less likely to succeed,
absent a record of a previous delivery attempts."
Some "spamware" do retry nowadays.
In Section 4.2, I suggest using "SMTP client" instead of "client".
In Section 5:
"To accommodate those senders that have clusters of outgoing mail
servers, greylisting servers MAY track CIDR blocks of a size of
its own choosing, such as /24, rather than the full IP address."
As a note, there are some odd cases where mail from the cluster may
come from outside a /24 (IPv4). I suggest mentioning that it's the
full IPv4 address.
" There is no specific recommendation as to the specific choice of 4yz
code to be returned as a result of a greylisting delay."
I prefer a recommendation about the choice of code as this is a
policy reason (see Section 4.2.2 and 4.3.2 of RFC 5321).
RFC 5598 should be a normative reference as it is mentioned in Section 1.2.2.
The draft is well-written. It is ready for a Last Call.
Regards,
-sm
- [apps-discuss] Comments on draft-ietf-appsawg-gre… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Tony Finch
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Dave CROCKER
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] Comments on draft-ietf-appsawg… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] Comments on draft-ietf-appsawg… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] Comments on draft-ietf-appsawg… John Levine
- Re: [apps-discuss] Comments on draft-ietf-appsawg… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… John Levine
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Murray S. Kucherawy
- [apps-discuss] BCP, AS, something else? (was RE: … Murray S. Kucherawy
- Re: [apps-discuss] Comments on draft-ietf-appsawg… John Levine
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] BCP, AS, something else? (was … Barry Leiba
- Re: [apps-discuss] BCP, AS, something else? (was … Ned Freed