> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of John > Levine > Sent: Tuesday, September 13, 2011 8:07 AM > To: [email protected] > Cc: [email protected] > Subject: Re: [marf] Revisiting reporting addresses > > At abuse.net, that's handled completely manually, both the evaluation > and the selection of addresses. This is policy stuff that is utterly > outside the scope of a fricking reporting format.
I agree that what's being discussed isn't a protocol matter, but it's not impossible for material like this to be in a BCP or other advisory document. The question is really whether or not this is stuff we want or need to say beyond the BCP we're already producing. I don't think we could codify, in protocol at least, anything at all about WHOIS. In its current form it isn't a reliable source of any kind of information. Sometimes what you need is there, sometimes it's not; sometimes it's there but not in a form an automated system can extract. This might be helpful to include in advice someplace though if we can find text on which we can agree. All of that might change if the WEIRDS effort is successful, but for now WHOIS is a wild west. I think it's clear we want not to include domain names in any reporting addresses for the reasons John stated. The dkim-reporting document has already been updated to say so, and in my opinion the spf-reporting and reporting-discovery documents should follow. This all leads into the issue of whether or not we want to do some advisory text about FBLs outside of the context of private agreements. I'll comment about that on a separate thread. -MSK, as participant _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
