On 03/Apr/12 20:08, Pete Resnick wrote: > On 3/30/12 4:49 AM, Murray S. Kucherawy wrote: > > 4.3.1. > The reports SHOULD use "Feedback-Type: abuse", but can use other > types as appropriate to the nature of the abuse being reported. > However, the Mailbox Provider generating the reports needs to > understand that the operator receiving the reports might not > treat different feedback types any differently. > > How about instead: "The reports SHOULD use "Feedback-Type: abuse" for > its type. Although a Mailbox Provider generating the reports can use > other types appropriate to the nature of the abuse being reported, the > operator receiving the reports might not treat different feedback > types differently." The "needs to understand" construction confused me > as it didn't seem like something actionable.
The suggested replacement seems to be saying that it is fine to use "Feedback-Type: abuse" even if that doesn't correspond to the actual content. Would s/its type/such type/ avoid it? > 6.1.1 > A report generator MUST provide a way for a report recipient to > request no further reports be sent to that address and MAY > provide a way for recipients to change the address(es) to which > reports about them are sent. Details of such mechanisms are > outside of the scope of [RFC5965], [RFC6449], and this document. > > So, thinking about this, the above instruction is completely > non-interoperable. I am required to provide a mechanism, but how the > mechanism works is unspecified. Please explain what this means. For Pete's info, the WG briefly discussed the possibility to describe a mechanism, and concluded that mandating such compliance was too much of a burden for a report generator. > 6.3.1 > MUAs SHOULD NOT generate abuse reports directly to entities > merely because they were found in the message, or by queries to > WHOIS ([RFC3912]) or other heuristic means. Rather, the MUA > needs to signal, by some means, the mailbox provider to which it > connects to trigger generation of such a report. > > The first sentence seems to conflict with 6.3/3. I don't understand > the second sentence. Please explain. I'd propose the following text, rather than striking the whole paragraph: MUAs SHOULD NOT send abuse reports directly to the entities they deem responsible of the abuse. Rather, MUAs need to signal the abuse to the mailbox provider to which they connect. A MUA's signal may or may not use ARF [RFC5965] format, depending on how it's done. This document does not specify by what means MUAs do such signaling. The rest of this section discusses where Mailbox Providers can send reports, albeit possibly triggered by MUAs' signals. Would that make the point any clearer? _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
