> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Scott > Kitterman > Sent: Wednesday, January 25, 2012 12:14 PM > To: [email protected] > Subject: Re: [marf] I-D Action: draft-ietf-marf-spf-reporting-03.txt > > > It's not a DSN proper, right, but we still want to avoid the same > > situations that DSN has to avoid. > > OK. I changed it to "Similar to ..."
It seems to me that we should say the same thing here. Here's what my working copy has: 6.2. Envelope Sender Selection In the case of transmitted reports in the form of a new message (versus rejections during an [SMTP] session), it is necessary to construct the message so as to avoid amplification attacks, deliberate or otherwise. The envelope sender address of the report needs to be chosen so that these reports will not generate mail loops. Per Section 2 of [DSN], the envelope sender address of the report SHOULD be chosen to ensure that no delivery status reports will be issued in response to the report itself, and MUST be chosen so that the report will not cause a mail loop. Therefore, if an [SMTP] transaction is used to send a report, the MAIL FROM command MUST either use the NULL return address, i.e., "MAIL FROM:<>", or one that will pass [SPF] MAIL FROM checks on receipt. The HELO/EHLO command SHOULD also be selected so that it wil pass [SPF] HELO checks. Does that fit with what you and John were saying? _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
