Re: [marf] Reviewers for draft-kucherawy-marf-source-ports

Steve Atkins <steve@wordtothewise.com> Fri, 20 April 2012 00:01 UTC

From: Steve Atkins <steve@wordtothewise.com>
Date: Thu, 19 Apr 2012 17:01:20 -0700
In-Reply-To: <9452079D1A51524AA5749AD23E0039280FB6A1@exch-mbx901.corp.cloudmark.com>
To: marf@ietf.org
References: <9452079D1A51524AA5749AD23E0039280FAF8D@exch-mbx901.corp.cloudmark.com> <938CD663-D2D5-4E65-B3D4-B02424DC7124@wordtothewise.com> <9452079D1A51524AA5749AD23E0039280FB6A1@exch-mbx901.corp.cloudmark.com>
Message-Id: <12A039B2-3B42-49B1-887F-06A18B0C6ECA@wordtothewise.com>

On Apr 19, 2012, at 4:26 PM, Murray S. Kucherawy wrote:

> Comments inline.
>  
> It looks reasonable at first glance. But I have some comments.
>  
> MARF is intended for reporting sightings of email. This extension is intended to make reports of traffic from behind NATs able to differentiate between users behind a NAT. That implies that it's expected for legitimate email to be sent from behind a shared NAT. I wouldn't expect to see that in the wild, certainly not at a provider that's well enough set up that they're accepting ARF reports and keeping detailed access logs and so on - rather I'd expect that mail to be going through an authenticated smarthost, and no non-authenticated SMTP traffic being emitted from the NAT itself.
>  
> [MSK: That’s probably generally true, but I’d imagine it’s not universally true.  For the cases where it’s not, the data reported by this extension header field might prove useful.]

I'm not sure that [LOG] *as applied to email* has value in the real world. Sure, a mix of spam and legitimate mail might leak out from a NAT, but the fix for that is to not allow port 25 outbound from the NAT and route it to a smarthost (where it can be filtered, throttled and have correct Received headers to identify the user added) instead.

It's reasonably harmless to add this information to ARF reports, but to standardize it implies that allowing outbound port 25 from a carrier-grade NAT is acceptable practice, which goes against the "don't let end-users or dynamically assigned users send mail directly to receiver MXes" and "don't allow port 25 through a NAT" principles we've been pushing for a while.

http://www.spamhaus.org/faq/section/Spamhaus%20XBL#37
http://cbl.abuseat.org/nat.html

http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/vwapj/Companion_Document.pdf/$file/Companion_Document.pdf
http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf


>  
> What about ident?
>  
> [MSK: Does anyone still use that?]

Sure. I'm not suggesting people use it, but this proposal is a less reliable, less privacy-friendly, replacement for ident so I thought I'd at least mention it.

Cheers,
  Steve
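As an added illustration (not part of this thread, the draft, or any project's code) of what the Source-Port field is meant to buy an abuse desk behind a carrier-grade NAT: correlating the ARF report's Source-IP/Source-Port/Arrival-Date (RFC 5965 fields plus the Source-Port field this draft proposes) against the NAT's translation log. The report text and the NAT log format are constructed for the example.

```python
"""Correlate an ARF feedback report with a NAT translation log.

The machine-readable part of an ARF report is a set of RFC 822-style
fields (RFC 5965); "Source-Port" is the field proposed by
draft-kucherawy-marf-source-ports. The NAT log layout below is invented
for this example.
"""
from datetime import datetime, timedelta
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Constructed machine-readable part of an ARF report.
FEEDBACK_REPORT = """\
Feedback-Type: abuse
User-Agent: ExampleReporter/1.0
Version: 1
Source-IP: 192.0.2.10
Source-Port: 51234
Arrival-Date: Thu, 19 Apr 2012 16:55:00 -0700
"""

# Constructed NAT log: (UTC time, internal host, public IP, public port).
NAT_LOG = [
    ("2012-04-19T23:54:30+00:00", "10.1.7.22", "192.0.2.10", 51234),
    ("2012-04-19T23:54:40+00:00", "10.1.9.5", "192.0.2.10", 40001),
    ("2012-04-19T23:58:10+00:00", "10.1.3.8", "192.0.2.10", 51234),
]


def parse_report(text):
    """Return (source_ip, source_port or None, arrival datetime)."""
    hdr = HeaderParser().parsestr(text)
    port = hdr.get("Source-Port")
    return (hdr["Source-IP"], int(port) if port else None,
            parsedate_to_datetime(hdr["Arrival-Date"]))


def candidates(report_text, nat_log, window=timedelta(minutes=2)):
    """Internal hosts whose translation matches the report within `window`.

    When the report carries no Source-Port, every host that shared the
    public IP around that time is a candidate; with it, the list narrows
    to translations using that exact port."""
    ip, port, when = parse_report(report_text)
    hits = []
    for ts, host, pub_ip, pub_port in nat_log:
        t = datetime.fromisoformat(ts)
        if pub_ip == ip and abs(t - when) <= window and (port is None or pub_port == port):
            hits.append(host)
    return hits
```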