Re: [marf] Reviewers for draft-kucherawy-marf-source-ports

[Steve Atkins <steve@wordtothewise.com>]

On Apr 19, 2012, at 5:08 PM, Murray S. Kucherawy wrote:

>  
> 
> I'm not sure that [LOG] *as applied to email* has value in the real world. Sure, a mix of spam and legitimate mail might leak out from a NAT, but the fix for that is to not allow port 25 outbound from the NAT and route it to a smarthost (where it can be filtered, throttled and have correct Received headers to identify the user added) instead.
>  
> It's reasonably harmless to add this information to ARF reports, but to standardize it implies that allowing outbound port 25 from a carrier-grade NAT is acceptable practice, which goes against the "don't let end-users or dynamically assigned users send mail directly to receiver MXes" and "don't allow port 25 through a NAT" principles we've been pushing for a while.
>  
> [MSK: I don’t think publishing this extension amounts to an endorsement of allowing outbound port 25 from within a CGN.  Why is ARF the right place to make that stand?  For cases where such is allowed, the data exchange is desired.  Preventing ARF from doing it won’t change ISP policies.]

I think it's reasonably harmless to document how to do it in ARF. 

I don't think it will be of any value to report recipients or senders (for the reasons above) but that's no reason not to standardize it.

>  
>  
> What about ident?
>  
> [MSK: Does anyone still use that?]
>  
> Sure. I'm not suggesting people use it, but this proposal is a less reliable, less privacy-friendly, replacement for ident so I thought I'd at least mention it.
>  
> [MSK: I don’t think ident has enough current support to make it a viable alternative. 

I tend to agree - but this is such a direct replacement for ident I thought I'd mention it.

> How is adding ports to ARF reports a privacy concern?]

It's not. The privacy issue is in [LOG], not here.

Cheers,
  Steve