I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-marf-as-13 Reviewer: Martin Thomson Review Date: 2012-04-12 IETF LC End Date: IESG Telechat date: (if known) Summary: This document is fit for publication, though some minor issues might warrant further consideration. Major issues: None Minor issues: Reading through, this doesn't smell very much like an applicability statement at all. It has the distinct odor of a profile, or a set of implementation/deployment/operational guidelines. That might just be me. Section 4.2 doesn't really contain enough information for me to determine when I might want to ignore your SHOULD. Section 6.1, point 1 cannot be an interoperability requirement if there isn't a mechanism provided. The text is perfectly clear, but I can't implement anything here to address the "MUST". The problem is that the reports are unsolicited, and therefore an out-of-band "session" has not been established between providers. (Is an abuse report the in-band solution you are looking for? Yes, Section 7, point 2, I know...) Section 6.3, point 1 has the same complaint for the "SHOULD", though in this case the softness of the "SHOULD" makes this more tolerable. Nits/editorial comments: Expand on first use: MUA, SPF, DKIM. Parentheses around references is excessive ([CITE]). Section 5.2, point 2 is a bit of a truism...MUST support optional fields being optional. Is it really necessary? Section 6.3, point 3, sentence 2: missing comma after "([RFC3912])" Section 6.4, point 3, did not parse: "reports are generated with use by recipients not using" Section 6.5, point 3 could be made MUST NOT by saying "MUST NOT reject non-ARF messages based solely on the format" or by adding other qualifications to that effect. Obviously this has to allow for local policy that rejects messages on other criteria, but you can make a requirement like this.