On 06-05-13 19:55, Neil Schwartzman wrote:
>
>
> On May 6, 2013, at 10:39 AM, Matus UHLAR - fantomas <uh...@fantomas.sk
> <mailto:uh...@fantomas.sk>> wrote:
>
>>> On May 6, 2013, at 9:08 AM, John Hardin <jhar...@impsec.org
>>> <mailto:jhar...@impsec.org>> wrote:
>>>> If there is a working abuse@ address that *isn't being ignored*, they're
>>>> compliant.
>>
>> On 06.05.13 09:55, Neil Schwartzman wrote:
>>> heh, i don't think 'don't ignore' is part of the RFC, but yeah.
>>
>> well, if it clearly is not working, it's not compliant. if it's visibly
>> ignored, trashed, dropped, it violates the RFC
>
>
> At risk of being pedantic, but this is, after all an RFC discussion,
> where do you see that in 2142? So long as someone receives a report,
> there is no specification against ignoring it, visibly or not.
>
> http://www.ietf.org/rfc/rfc2142.txt
>
> The purpose of this memo is to aggregate and specify the basic set of
> mailbox names which organizations need to support. Most
> organizations do not need to support the full set of mailbox names
> defined here, since not every organization will implement the all of
> the associated services. However, if a given service is offerred, (sic)
> then the associated mailbox name(es) must be supported, resulting in
> delivery to a recipient appropriate for the referenced service or
> role.
Chiming in here, the 'abstract' of the same RFC clearly states:
This specification enumerates and describes Internet mail addresses
(mailbox name @ host reference) to be used when contacting personnel
at an organization.
To me, that sounds as if you should be able to reach an actual human
being ('personnel') by sending to the specified addresses. Ignoring
messages that get sent there which are valid within the context for the
addressee seems a clear violation. I.e. ignoring marketing mails sent to
abuse@ would be ok, but ignoring abuse complaints isn't.
--
Tom
