IETF Logo Mail Archive

Re: Last Call: <draft-ietf-marf-spf-reporting-08.txt> (SPF Authentication Failure Reporting using the Abuse Report Format) to Proposed Standard

Barry Leiba <barryleiba@computer.org> Thu, 01 March 2012 14:10 UTC

Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECCD521E829A for <ietf@ietfa.amsl.com>; Thu, 1 Mar 2012 06:10:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.987
X-Spam-Level:
X-Spam-Status: No, score=-102.987 tagged_above=-999 required=5 tests=[AWL=-0.010, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LYIIUFzJsxEv for <ietf@ietfa.amsl.com>; Thu, 1 Mar 2012 06:10:09 -0800 (PST)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id A59F421E87D1 for <ietf@ietf.org>; Thu, 1 Mar 2012 06:09:49 -0800 (PST)
Received: by yhpp34 with SMTP id p34so239305yhp.31 for <ietf@ietf.org>; Thu, 01 Mar 2012 06:09:49 -0800 (PST)
Received-SPF: pass (google.com: domain of barryleiba.mailing.lists@gmail.com designates 10.236.37.132 as permitted sender) client-ip=10.236.37.132;
Authentication-Results: mr.google.com; spf=pass (google.com: domain of barryleiba.mailing.lists@gmail.com designates 10.236.37.132 as permitted sender) smtp.mail=barryleiba.mailing.lists@gmail.com; dkim=pass header.i=barryleiba.mailing.lists@gmail.com
Received: from mr.google.com ([10.236.37.132]) by 10.236.37.132 with SMTP id y4mr7391322yha.10.1330610989242 (num_hops = 1); Thu, 01 Mar 2012 06:09:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=cbKo0B2TYnh3x+SiEJPaL+ngH9c5LpV0qgZub22533c=; b=Q+YY0Y1RHWoJP+wCI6/NQ+7+OFpY17pn4rmYrdufL33fmv5WBWTeSebFmSV6fqiTb8 6rje/2JvRPrOeRVo6KeijrUWFdawLSkbh8jmwVsX+AzQ5htK+FW0f7xNRnNkGnhUPWNd th8wSfyWyIILNc8Lid8ex47/rBcHjKtmkXB50=
MIME-Version: 1.0
Received: by 10.236.37.132 with SMTP id y4mr5751454yha.10.1330610989192; Thu, 01 Mar 2012 06:09:49 -0800 (PST)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.147.106.16 with HTTP; Thu, 1 Mar 2012 06:09:49 -0800 (PST)
In-Reply-To: <6.2.5.6.2.20120229181328.0a95a9f8@resistor.net>
References: <20120301004643.17274.83943.idtracker@ietfa.amsl.com> <6.2.5.6.2.20120229181328.0a95a9f8@resistor.net>
Date: Thu, 01 Mar 2012 09:09:49 -0500
X-Google-Sender-Auth: _G9wUa_Wm2XX7bX4QPDw-UaOye8
Message-ID: <CAC4RtVDUmcLZh4J2SvV32kNxaQcPYr1+9S9q59Kd50F4hqWaOQ@mail.gmail.com>
Subject: Re: Last Call: <draft-ietf-marf-spf-reporting-08.txt> (SPF Authentication Failure Reporting using the Abuse Report Format) to Proposed Standard
From: Barry Leiba <barryleiba@computer.org>
To: SM <sm@resistor.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2012 14:10:10 -0000

> The MARF charter [1] does not contain any mention of "SPF Authentication
> Failure Reporting using the Abuse Report Format" as a deliverable.  There is
> no mention of SPF in the charter.

Keep in mind that the charter has these two items:

 2) The group will produce an informational document detailing
 guidelines for deploying and using ARF, including descriptions
 of current practices and their rationales.

 3) The group will specify the integration of ARF into DKIM-aware
 environments, with draft-kucherawy-dkim-reporting-06 as its input.
 It contains extensions to DKIM that are related to ARF as a means
 of reporting DKIM-related failures which include phishing
 ("fraud") and as such are relevant to the ARF effort. The group
 will produce Proposed Standard track specification for these
 ARF and DKIM extensions.

Then note this:
1. The reporting document originally included the SPF information,
since there's a lot of common aspects, and it makes sense to talk
about both.  The WG decided to split the document into four pieces,
for organizational purposes, with authfailure-report, redaction, dkim,
and spf as separate pieces.

2. SPF is widely deployed in the real world.  Information about
deploying and using ARF (item 2 in the charter) in such an environment
is absolutely part of the charter.

It's important to get this information out there in parallel with the
DKIM information.  If the output of the spfbis working group results
in a need for a revision to this document, such revision can be taken
up then.

Barry

v2.23.0 | Report a Bug | By Email