Creation and Use of Email Feedback Reports: An Applicability Statement for the Abuse Reporting Format (ARF)
RFC 6650
Yes
No Objection
Note: This ballot was opened for revision 13 and is now closed.
(Barry Leiba; former steering group member) Yes
(Pete Resnick; former steering group member) Yes
(Adrian Farrel; former steering group member) No Objection
Forgive me, but doesn't section 8.2 say that forged abuse reports constitue a real problem and the two mechanisms available to protect against them may result in genuine abuse reports being discarded? Is the message here "chosse which you think might be the least worse problem" or is it "you should use DKIM and SPF, but be aware that you may lose some genuine reports"? I would have liked some clarification as to which message is being sent.
(Benoît Claise; former steering group member) (was Discuss) No Objection
Thanks for addressing my points
(Brian Haberman; former steering group member) No Objection
Thanks for addressing my comments.
(Martin Stiemerling; former steering group member) No Objection
(Ralph Droms; former steering group member) No Objection
(Robert Sparks; former steering group member) (was Discuss) No Objection
(Ron Bonica; former steering group member) No Objection
(Russ Housley; former steering group member) No Objection
(Sean Turner; former steering group member) (was Discuss) No Objection
(Stephen Farrell; former steering group member) No Objection
Just a bunch of nitty comments. Feel free to take 'em or leave 'em. 5.1 (1) - this has a MUST but there's no well-defined/standard way to satisfy the MUST, maybe make that an "ought"? 5.1 (2) - I think you mean that "they think will" pass SPF/DKIM checks, since they can't be sure 5.2 (1) - "the receiver" is a bit ambiguous in the 1st sentence, maybe s/the receiver/the report receiver/? (Or if handling is expensive for both, then maybe say that.) 5.3 (1) - what does "SHOULD make" mean? Same comment as above for use of SHOULD when there's no standard way to do it, i.e. maybe s/SHOULD/ought/ 5.5 (1) - is "bulk senders" at the end here ambiguous? I read it as referring to the sender of the message(s) that triggered the report. 6 - what is a "smaller" AS or use-case? Do you mean fewer people will do this or that its simpler? 6 - point (3), is the "MUST be constructed" there right? If everything needed to satisfy this MUST is later in point 3, then you could say "MUST be done as stated below" - as is, this looks like there's something else needed to satisfy the MUST but you don't say what. 8.3 - this is a little terse, maybe point back at those recommendations or say a bit more? 8.4 - might be better to say "larger volumes or higher frequency" 8.5 - I guess this means that report receivers ought not react to missing reports as if something was wrong. Not sure if that's worth noting explicitly or not.
(Stewart Bryant; former steering group member) No Objection
(Wesley Eddy; former steering group member) No Objection