Re: [spfbis] New issue: 8.4. Fail: rejection is not described explicitly

["Murray S. Kucherawy" <superuser@gmail.com>]

On Sat, Apr 20, 2013 at 2:56 AM, Alessandro Vesely <vesely@tana.it> wrote:

> Appendix H.2 should be merged into Section 8.4, as the reason to keep
> them separate was beaten out by Murray's reorganization.  I mentioned
> that in my review.
>

I don't agree.  What's in H.2 discusses local policy development which
cannot be normative.  It's strictly pedagogical.  Section 8 contains purely
definitions and normative material.  I don't support mixing them.

I also agree with what John said about this.

In addition, the combined text is not explicit in describing how
> reject-on-fail works when enabled.  H.2 says "rejection can be done
> before the SMTP content is transferred."  Explicit would be to to say
> that the negative response can be given to either the MAIL or the RCPT
> commands.
>

I would be fine with changing H.2 to make that very explicit, although I
think we can rely on people understanding SMTP already since it's a
normative reference, so I'm also fine with leaving it as-is, and at this
late stage that is also my preference.


>
> Of course, it is also possible to reject after receiving the content.
> It is not typical of SPF implementations to do so.  Early rejection may
> conflict with DMARC and similar policies, and the point of this issue is
> that an explicit note can save readers the time to puzzle it out
> themselves, and possibly avoid some misunderstanding.
>

We should absolutely not discuss DMARC or other layers here.

-MSK