Working Group Name: Abuse Reporting Format (ARF) IETF Area: Applications Area Chair(s): TBD Applications Area Director(s): Lisa Dusseault Alexey Melnikov Responsible Area Director: TBD Mailing Lists: General Discussion: abuse-feedback-report@mipassoc.org To Subscribe: http://mipassoc.org/mailman/listinfo/abuse-feedback-report Archive: http://mipassoc.org/mailman/listinfo/abuse-feedback-report Description of Working Group: Messaging anti-abuse operations between independent services often requires sending reports on observed fraud, spam virus or other abuse activity. A standardized report format enables automated processing. The Abuse Reporting Format (ARF) specification has gained sufficient popularity to warrant formal codification, to ensure future interoperability with new implementations. The primary function of this working group will be to solicit review and refinement of the existing specification. ARF was developed by a messaging trade organization independent of the IETF, and uses a format similar to a Delivery Status Notification (DSN, RFC3464) to report fraud, spam, viruses or other abusive activity in the email system. The basic format is amenable to processing by humans or software, with the latter requiring the format to be standardized, to permit interoperability between automated services, particularly without prior arrangement. ARF as initially defined is already in widespread use at large ISPs, so interoperability can be demonstrated. Some tools already exist for processing ARF messages, a few of which are open source. In order to preserve the installed base, the working group will make the minimum changes necessary to the existing specification and will seek to have backward compatibility. Furthermore, some extensions to the current proposal are of interest to the community, such as the means for an operator to advertise an email address to which abuse reports using ARF should be sent. The working group will take on the task of specifying such a mechanism as part of the first draft it will issue. The initial proposal is published as draft-shafranovich-feedback-report, and this will provide the working group's starting point. In addition, the group will specify the integration of ARF into DKIM use using draft-kucherawy-dkim-reporting as its input. It contains extensions to DKIM that are related to ARF as a means of reporting DKIM-related failures which include phishing ("fraud") and as such are relevant to the ARF effort. Goals and Milestones: Sep 09 Issue first WG-based Internet-Draft defining ARF Nov 09 Achieve consensus on any WG-based changes to ARF Dec 09 Submit ARF ID to IESG for publication Feb 10 Issue first WG-based ID about DKIM reporting extensions May 10 Achieve consensus on DKIM reporting extensions draft Jun 10 Submit DKIM reporting ID to IESG for publication