Something is wrong with this paragraph in the Security Considerations section:
In the unlikely event that a domain legitimately sends email but does
not want to receive email, SMTP servers that reject mail from domains
that advertise a NULL MX risk losing email from those domains. The
normal way to send mail for which a sender wants no responses remains
unchanged, by using an empty RFC5321.MailFrom address.
Why is that treated as a security consideration?
We think it's a security consideration because of the risk of lost mail.
It's not a new issue -- think of all the mail you get with return
addresses like [email protected].
In light of the first paragraph in Section 4.3 stating that it's
acceptable for SMTP clients to not send email to domains that publish
NULL MX records, this text ought to be recommending that such a domain
(legitimately sends email but does not want to receive email) SHOULD NOT
publish a NULL MX record and SHOULD provide an SMTP server that promptly
rejects all email delivery attempt.
Sorry, but I don't understand this at all. Either way, anyone who sends
mail to the domain gets the mail rejected. The only difference would be
that the error message might be different.
Nits:
Section 1 is missing from Table of Contents.
blame xml2rfc
First paragraph in Section 4.1:
"address is not deliverable" -> "the email is not deliverable"
It's the address. The message might be sent to several addresses, and the
other ones work. I realize its jargon-y, but it's pretty well established
in the mail workd.
The other editorial suggestions are fine, I'll address them either in
another version once last call is over. Tnx.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
