Last Call Review of draft-ietf-appsawg-greylisting-
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. Document editors and WG chairs should treat these comments just
like any other last call comments.
This document discusses grey listing, the returning of temporary
failure codes in some SMTP exchanges with mail sources not known to be
good guys, to ameliorate spam.
The technique is very much heuristic so security consideration are,
reasonably, fairly soft rather than the precise, hard edged
formulations of cryptographic security. The discussion of variations
in grey listing, typical spammer behavior, and potential spammer
countermeasures all seem quite reasonable and complete. I do not think
any additional security considerations are required.
In one place the draft says "when delivery of mail is timely." when I
think it means "when delivery of mail is time critical." or "when
delivery of mail must be timely.".
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3 at gmail.com