On 03/Oct/11 08:13, Murray S. Kucherawy wrote:
>
> I'm gently kicking myself now for not having included reporting
> result codes in RFC5451 for "not checked".
The General Description in RFC 5451 makes it clear that methods that
were not applied deserve no "method=result" statement. That spec does
not mandate that _all_ methods be reported, thus leaving it ambiguous
whether unreported methods are not implemented at all or omitted for
any other reason. IMHO, that's good as it is.
> I think the intent here (as I mentioned to SM) is that this is
> really a specific profile for ARF use, creating a new feedback
> type, that originates with sites that do check both; if you don't
> check both, you simply wouldn't use this feedback type. It didn't
> occur to me when I crafted the original versions of this work that
> there might be sites that don't, and that there's no way to say
> explicitly "I don’t check {DKIM,SPF}."
I'm unable to see why these methods need to coexist for reporting just
one of them. Even MTAs that usually check both, may bail out some
checks in particular cases. Furthermore, to report a message that
simultaneously fails both DKIM and SPF, one needs to send two separate
authfailure reports anyway, since the Auth-Failure field must appear
exactly once (but it is missing in the example, BTW.)
> I realize now that approach was maybe a bit limiting.
Authfailure reporting is non-extensible by design, while RFC 5451 is.
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
