datatracker.ietf.org
Sign in
Version 5.7.1.p2, 2014-10-29
Report a bug

Creation and Use of Email Feedback Reports: An Applicability Statement for the Abuse Reporting Format (ARF)
draft-ietf-marf-as-16

Note: This ballot was opened for revision 13 and is now closed.

Summary: Needs 3 more YES or NO OBJECTION positions to pass.

Adrian Farrel

Comment (2012-04-25 for -15)

Forgive me, but doesn't section 8.2 say that forged abuse reports
constitue a real problem and the two mechanisms available to protect
against them may result in genuine abuse reports being discarded?

Is the message here "chosse which you think might be the least worse
problem" or is it "you should use DKIM and SPF, but be aware that you
may lose some genuine reports"?

I would have liked some clarification as to which message is being sent.

Benoit Claise

Comment (2012-04-25 for -16)

Thanks for addressing my points

Brian Haberman

Comment (2012-04-25 for -14)

Thanks for addressing my comments.

Stephen Farrell

Comment (2012-04-23 for -14)

Just a bunch of nitty comments. Feel free to take 'em or leave
'em.

5.1 (1) - this has a MUST but there's no well-defined/standard way to
satisfy the MUST, maybe make that an "ought"?

5.1 (2) - I think you mean that "they think will" pass SPF/DKIM checks,
since they can't be sure

5.2 (1) - "the receiver" is a bit ambiguous in the 1st sentence, maybe
s/the receiver/the report receiver/? (Or if handling is expensive for
both, then maybe say that.)

5.3 (1) - what does "SHOULD make" mean? Same comment as above for use
of SHOULD when there's no standard way to do it, i.e. maybe
s/SHOULD/ought/

5.5 (1) - is "bulk senders" at the end here ambiguous? I read it as
referring to the sender of the message(s) that triggered the report.

6 - what is a "smaller" AS or use-case? Do you mean fewer people will
do this or that its simpler?

6 - point (3), is the "MUST be constructed" there right? If everything
needed to satisfy this MUST is later in point 3, then you could say
"MUST be done as stated below" - as is, this looks like there's
something else needed to satisfy the MUST but you don't say what.

8.3 - this is a little terse, maybe point back at those recommendations
or say a bit more?

8.4 - might be better to say "larger volumes or higher frequency"

8.5 - I guess this means that report receivers ought not react to
missing reports as if something was wrong. Not sure if that's worth
noting explicitly or not.