Last Call Review of draft-ietf-appsawg-greylisting-

Request Review of draft-ietf-appsawg-greylisting
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2012-04-24
Requested 2012-04-03
Other Reviews Genart Last Call review of - by Kathleen Moriarty (diff)
Review State Completed
Reviewer Donald Eastlake
Review review-ietf-appsawg-greylisting-secdir-lc-eastlake-2012-04-22
Draft last updated 2012-04-22
Review completed: 2012-04-22


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document discusses grey listing, the returning of temporary
failure codes in some SMTP exchanges with mail sources not known to be
good guys, to ameliorate spam.

The technique is very much heuristic so security considerations are,
reasonably, fairly soft rather than the precise, hard-edged
formulations of cryptographic security. The discussion of variations
in grey listing, typical spammer behavior, and potential spammer
countermeasures all seem quite reasonable and complete. I do not think
any additional security considerations are required.


In one place the draft says "when delivery of mail is timely." when I
think it means "when delivery of mail is time critical." or "when
delivery of mail must be timely.".

 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3 at