On 10/Feb/12 20:59, Scott Kitterman wrote: > On Friday, February 10, 2012 08:26:49 PM Alessandro Vesely wrote: > >> ISP.example is a network provider, like softlayer.com leasing >> 208.43.65.50 to controlledmail.com. MAIL FROM:<[email protected]> >> sent from 208.43.65.50 (mailout03.controlledmail.com) would get a >> softfail, if I'm not mistaken. Where should it be reported, if >> abusive? ABUSE1025-ARIN tells [email protected], but one cannot use >> it as target because of the softfail. > > I think I haven't been clear (and maybe the text needs more work), > but this is reasonable. Where I would object is if you wanted to > send the report to [email protected] because they were used in > mail from.
Yes, the current wording can be interpreted badly. 8.5 says report generators can derive an address from RFC5321.MailFrom if they have spf=pass. 8.6 says they can do so even with none or neutral. >> We could say that, given their SPF record, their abuse POC should >> have been [email protected], but... > > This is where I think you've confused things. The relevant SPF > check here would be on the domain you are sending the report from. > It's got nothing to do with their SPF record or status of messages > sent mail from their domain. The subdomain would be needed to allow report generators to use that address even if its domain-part is the same of the RFC5321.MailFrom. Non-spf-protected.softlayer.com must result in spf=none, in the original message, hence can be used to report it. _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
