On Apr 19, 2012, at 4:26 PM, Murray S. Kucherawy wrote:

> Comments inline.
>
> It looks reasonable at first glance. But I have some comments.
>
> MARF is intended for reporting sightings of email. This extension is intended
> to make reports of traffic from behind NATs able to differentiate between
> users behind a NAT. That implies that it's expected for legitimate email to
> be sent from behind a shared NAT. I wouldn't expect to see that in the wild,
> certainly not at a provider that's well enough set up that they're accepting
> ARF reports and keeping detailed access logs and so on - rather I'd expect
> that mail to be going through an authenticated smarthost, and no
> non-authenticated SMTP traffic being emitted from the NAT itself.
>
> [MSK: That’s probably generally true, but I’d imagine it’s not universally
> true. For the cases where it’s not, the data reported by this extension
> header field might prove useful.]

I'm not sure that [LOG] *as applied to email* has value in the real world. Sure, a mix of spam and legitimate mail might leak out from a NAT, but the fix for that is to not allow port 25 outbound from the NAT and route it to a smarthost (where it can be filtered, throttled and have correct Received headers to identify the user added) instead.

It's reasonably harmless to add this information to ARF reports, but to standardize it implies that allowing outbound port 25 from a carrier-grade NAT is acceptable practice, which goes against the "don't let end-users or dynamically assigned users send mail directly to receiver MXes" and "don't allow port 25 through a NAT" principles we've been pushing for a while.

http://www.spamhaus.org/faq/section/Spamhaus%20XBL#37
http://cbl.abuseat.org/nat.html
http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/vwapj/Companion_Document.pdf/$file/Companion_Document.pdf
http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf

> What about ident?
>
> [MSK: Does anyone still use that?]

Sure. I'm not suggesting people use it, but this proposal is a less reliable, less privacy-friendly, replacement for ident so I thought I'd at least mention it.

Cheers,
  Steve
