"Murray S. Kucherawy <[email protected]> wrote:
>> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf >Of Scott Kitterman >> Sent: Thursday, February 09, 2012 1:12 PM >> To: [email protected] >> Subject: Re: [marf] I-D Action: draft-ietf-marf-as-07.txt >> >> >Now that I think of it, another compromise would be language like >> >"SHOULD NOT ... unless ..." followed by an explicit example of when >we >> >would think it's safe to violate the SHOULD NOT. That strengthens >it >> >without going all the way to a MUST NOT. >> > >> >Any suggestions? >> >> If I could come up with a useful case for after the unless, I'd be >> happy with this. > >How about: > >Similarly, if a report generator applies SPF to arriving messages, and >that evaluation produced something other than a "Pass", "None" or >"Neutral" result, a report addressed to the RFC5321.MailFrom domain >SHOULD NOT be generated as it might be a forgery and thus not >actionable. A valid exception would be specific knowledge that the SPF >check is expected to fail for that domain under those circumstances. Allesandro provided a scenario that I think is reasonable. If you add: (i.e. a message with DKIM pass for the same domain) at the end and change "expected to fail" to "not definitive" I think I'm good. Scott K _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
