[apps-discuss] FW: Spam reporting over IMAP

Zoltan Ordogh <zordogh@rim.com> Thu, 19 January 2012 22:10 UTC

Return-Path: <zordogh@rim.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 1927321F86B1; Thu, 19 Jan 2012 14:10:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.887
X-Spam-Status: No, score=-4.887 tagged_above=-999 required=5 tests=[AWL=0.316, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id EliqQplfk4zW; Thu, 19 Jan 2012 14:10:31 -0800 (PST)
Received: from mhs060cnc.rim.net (mhs060cnc.rim.net []) by ietfa.amsl.com (Postfix) with ESMTP id 7227921F86DC; Thu, 19 Jan 2012 14:10:30 -0800 (PST)
X-AuditID: 0a41282f-b7f9d6d000002fe5-57-4f1894cd07d8
Received: from XHT105CNC.rim.net (xht105cnc.rim.net []) (using TLS with cipher AES128-SHA (AES128-SHA/128 bits)) (Client did not present a certificate) by mhs060cnc.rim.net (SBG) with SMTP id 56.41.12261.DC4981F4; Thu, 19 Jan 2012 22:10:21 +0000 (GMT)
Received: from XCT107CNC.rim.net ( by XHT105CNC.rim.net ( with Microsoft SMTP Server (TLS) id; Thu, 19 Jan 2012 17:10:21 -0500
Received: from XMB107ACNC.rim.net ([fe80::f1d2:c1d5:f469:3f83]) by XCT107CNC.rim.net ([fe80::b815:71ef:9f8f:e07c%16]) with mapi id 14.01.0339.001; Thu, 19 Jan 2012 17:10:20 -0500
From: Zoltan Ordogh <zordogh@rim.com>
To: John C Klensin <john-ietf@jck.com>, Alessandro Vesely <vesely@tana.it>
Thread-Topic: [apps-discuss] Spam reporting over IMAP
Thread-Index: AczO/5w0zIm+SpJ7RGmLza1UzvIy+ADJcaFQADFelgAACKZQAAC4je8QAD4ANWA=
Date: Thu, 19 Jan 2012 22:10:19 +0000
Message-ID: <1DE983233DBBEB4A81F18FABD8208D76226DA413@XMB107ACNC.rim.net>
Accept-Language: en-CA, en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
content-transfer-encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBKsWRmVeSWpSXmKPExsXC5chzQ/fsFAl/gy03ZCxWv1zBZvFs43wW i9ZLf9gsJt79yeLA4rFkyU8mj8srXzN7nNjFG8Ac1cBok5iXl1+SWJKqkJJanGyr5JOanpij EFCUWZaYXKngklmcnJOYmZtapKSQmWKrZKKkUJCTmJyam5pXYquUWFCQmpeiZMelgAFsgMoy 8xRS85LzUzLz0m2VPIP9dS0sTC11DZXsdJFAwj/ujIP/epgLPidUTFvxhbGB8aBvFyMnh4SA icTJi4+YIWwxiQv31rN1MXJxCAn0MknsOXKaFcJZzihx7uRxRghnG6NE17Y77F2MHBxsAqoS c67GgnSLCHhJTLt7lQ3EZhbwlFh3/yITiC0MtGH+nSfsEDWmEktnXoCy/STWzDsOZrMAjdm0 /jkriM0L1Lv+5j0WEJtRQFZi99nrTBAzxSVuPZnPBHGpgMSSPeehrhaVePn4HyuErSjxpHEz C0S9nsSNqVOg7tGWWLbwNTPEfEGJkzOfgNUICchIPJ9yiX0Co9gsJCtmIWmfhaR9FpL2BYws qxgFczOKDcwMkvOS9Yoyc/XyUks2MYKTiIb+Dsa+vVqHGAU4GJV4eEP7JfyFWBPLiitzDzFK cDArifA29AGFeFMSK6tSi/Lji0pzUosPMVoAQ2IisxR3cj4wweWVxBsbGKBwlMR5NdXv+QkJ pANTUnZqakFqEUwrEwenVAPjhQfsn9P+zWa7NS0s6/SziA+a9YVueyfJC2UXcL+1Fl0RoXpq nS1Xs8OTSd/zZhXOY3Y4VL16cuXX0t0vPrE/FJ1sdmBm7/vDQiZf3t/nrJip5fX6qvO87vkd jzIyjSc8W1owfWNucAoTt7Uzk3fDjy8H9R+VfBBYzeektlqkZjvTXr0plaY8SizFGYmGWsxF xYkAW7VcJTsDAAA=
Cc: ietf <ietf@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: [apps-discuss] FW: Spam reporting over IMAP
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2012 22:10:33 -0000

Hi all,
I would like to address the issues that involve SM, Alessandro and John first.

I understand the confusion has risen because my name is listed as an author on draft-ordogh-spam-reporting-using-imap-kleansed-00.
I would like to make it clear that while draft-ordogh-spam-reporting-using-imap-kleansed-00 bears my name and I am listed as the author of this, I was not involved - nor consulted - on its development. I am of course happy to work with anyone who wishes to progress either draft as long as the work gets done in IETF. As I said before, if there is no interest to keep the work in IETF, while not desirable, it is perfectly fine; the work will happen in OMA EVVM.

I noticed that a declaration has been made on draft-ordogh-spam-reporting-using-imap-kleansed-00. This simple fact should answer SM's question.

Alessandro said he emailed Sarah and got no response. I asked Sarah and she told me she have not received any emails from Alessandro. The only thing I can add here is that RIM has very strict spam filters in place. The sender or the recipient will not know what happened to an email. If you do not get a response within a reasonable timeframe, please email the person again (with a different subject and body, to ensure that there's absolutely nothing in the mail that might trigger a spam filter). BTW, since I am bound by RIM's policies as Sarah, this holds true for my emails as well.

Speaking of IT policies.
Regarding John's concern about the disclaimer in the email message. It is an IT policy in RIM, there is nothing I can do about it as it is beyond my control. Since the emails are sent to a public mailing list, all information in the email can be considered public - in which case I believe that disclaimer does not apply. If I accidently put some information into that email that was not meant to be public, I will have to follow up on it and you will know.
Next, I try to do my best to address John's other comments below (2 through 4).

> -----Original Message-----
> From: John C Klensin [mailto:john-ietf@jck.com]
> Sent: January 14, 2012 12:40 PM
> To: Alessandro Vesely; Zoltan Ordogh
> Cc: ietf; apps-discuss@ietf.org
> Subject: Re: [apps-discuss] Spam reporting over IMAP
> --On Saturday, January 14, 2012 14:32 +0100 Alessandro Vesely <vesely@tana.it> wrote:
> >...
> >> A bit later, a liaison statement was sent from OMA to IETF, seeking 
> >> collaboration and a "home" for the draft; as required by RFC3975.
> >
> > I assume you're still talking about SREP.  I read a reply by John 
> > Klensin, whom I consider a sort of IETF guru, and it didn't prospect 
> > a bright future for the draft.  I posted a "kleansed" version trying 
> > to address some of those concerns, in an attempt to improve the 
> > chances that APPSAWG will adopt it.  Somewhat arbitrarily, I changed 
> > the IPR qualification of the document too.  In fact, I had the 
> > impression that the IPR was that way because OMA SpamRep was being 
> > mentioned, albeit not being specified, and also because that was one 
> > of the points raised.
> > I hope my editing was correct, but your approval as author is  needed.
> >...
> Alessandro, Zoltan,
> Guru or not (some would certainly dispute that), this is strictly a 
> personal comment and personal opinion.  Just to clarify my view of this (other may have different opinions)...
> (1) I think SM's question, and anything else having to do with the IRP 
> status of this document (or pair of documents) has to be
> completely clear.   The IETF could certainly decide to process
> the document even if the technology were encumbered (has happened many 
> times before), but uncertainty is pretty much a showstopper.  
> Alessandro's concerns about distribution disclaimers on email messages that discuss the topic only reinforce my concern in this area.
[ZÖr] I addressed this above.

> (2) Similarly, both of you, and RIM and OMA, need to understand that 
> handing something like this off to IETF, especially for 
> standards-track processing, is a handoff of change control.  The IETF 
> can modify (we hope improve) things as it likes, even after approval 
> of the first version of the document as a Proposed Standard.  Joint ownership/ change control arrangements are possible, but they are very hard and time-consuming to negotiate and perhaps, due to some bad experience, likely to get harder.

[ZÖr] I think I understand your concern. The draft contains one possible solution - one that fulfills the requirements set and was 'good enough' for OMA. It is not a draft from OMA. It is an individual contribution; OMA merely endorses it because it fulfills the requirement they need. I am fairly confident that if IETF can find a more efficient solution than the one in my draft, one that fulfills the requirement OMA needs, then OMA will be more than happy to discard my draft - even as a whole if need be - and go with the more efficient solution instead. The only concern I would expect OMA to raise in this case is the schedule (the availability of a fairly stable draft). I said already that I am happy to work with either document. I can also say that while I would not be particularly happy about discarding my draft considering the amount of time I invested in writing it and doing the legwork in OMA, I would not make a big deal out of discarding it in favor of a more efficient solution that achieves the objectives set.
These statements, as a whole, should re-assure that it is not a simple handoff of change control. Rather, an initial draft (including its imperfections) to kick off the work in IETF - a work entirely owned by IETF, as laid out in RFC3975. It is unfortunate that there was no response to the liaison statement sent from OMA to IETF; these things could have been clarified long ago.

> (3) The leadership of AppAWG, and the ADs, will do as they think 
> appropriate, but, if I were making the rules, no one would spend 
> energy trying to sort out the differences between a pair of competing 
> documents.  I suggest that the two of you get together, offlist, and 
> see if you can reach clear agreement on a single draft that supercedes 
> both documents.  That is a matter of courtesy to those of us you are asking to consider the work and is quite independent of the IPR concerns (although they do interact).

[ZÖr] I am not asking anyone to discuss the merits of either draft; in fact, I left out all technical discussions - on purpose. What I would like to figure whether IETF is interested on working on this topic - which is the same thing that was asked in the liaison statement. I mean, I can work offline with Alessandro and come up with a nice, consolidated draft - but that would not solve anything because in the end, we would have to ask the same questions afterwards; a draft supported by only two participants won't make it into a standards-track RFC. Ergo, more support to work on this topic (not a specific draft) would be needed. And, this is exactly what I am trying to figure out.
> All three of those issues are administrative, not technical.
> They should be easily solved.  My personal preferences is that the 
> AppsAWG, and the apps-discuss list, spend no more time on this until/unless they are resolved.  YMMD, of course.

[ZÖr] From my perspective, these administrative issues have been addressed.

> (4) The core of my previous comments was a technical concern, not an 
> administrative one.

[ZÖr] Again, I would like to leave technical discussions out, for now at least, especially because the draft in question may change substantially (maybe even thrown out) once the work starts.
> Even if one ignores the security concerns, the 
> stability issues for normative references, and so on, many of us believe that the IMAP protocol has become far too complicated, with too many options and features.
> That complexity increases the requirements on IMAP servers that wish 
> to support a wide range of clients and applications and on clients that wish to support a reasonable range of features but
> work with servers that may not support all of them.   Whatever
> the advantages, too much code and too many code paths are not 
> conducive to very high quality, bug- free, implementations.

[ZÖr] That is my understanding as well. After Lemonade concluded its work, there were rumors about IMAP5 - which, I understand, would have removed the unused things from the specifications, consolidated must-haves into the base spec, and tidied up the loose ends a bit. Unfortunately it did not happen, so we have to work with what we have - and however undesirable the situation is. Sooner or later, IETF will have to face this problem and deal with this issue, irrespective of any newly proposed extensions. If you ask me, the sooner it happens, the better. The problem has been identified already, which is always a good sign because it indicates that people know exactly what needs to be done. The only thing I am unsure of is: "What's keeping IETF from taking an action?". Standards evolve and soon, it will have been 10 years since IMAP4 was released. But, I believe that this discussion is more or less irrelevant to the original topic in question; this is not why I am knocking on the IETF door. OMA has decided to use IMAP4 already.

> This proposal seems to me to take IMAP into a whole new area.
> I'm not questions whether or not that is possible because I'd be 
> certain it would be, even without the assertiosn that there are 
> implementations out there.  I am questioning whether there is a strong 
> enough case to be made that this belongs in IMAP to justify further 
> clutter in the protocol and even lower odds of seeing high-quality 
> clients.  I observe that probably the best general-purpose --as 
> distinct from, e.g., specialized for mobile
> devices-- IMAP client out there is now quite old, largely 
> unmaintained, and has not picked up on any of the new features
> added in the last several years.    Neither version of the
> document really addresses that issue.  Some of  the comments from the 
> two of you about why it is hard and/or expensive to do it in other 
> ways certainly have merit, but need, IMO, to be balanced off against other considerations including the above.
> That balance won't be easy to find especially since, as I am sure you 
> both know, there is no community agreement about the degree to which 
> it is appropriate to make normal, desired, email work worse in order 
> to provide better facilities for spam-handling, especially spam-handling at or after the final delivery MTA.

[ZÖr] I cannot possibly comment on what gets picked up, what does not get picked up (or why) in individual client or server implementations, or, in various services. All I can say is that there is a hole, OMA is trying to fill it in and one possible solution has been created - and now I am trying to find out whether there's interest in working on this topic.

> Bottom line: I think we should see a single draft that really 
> addresses all of the technical issues, including the design tradeoffs 
> and security topics, _and_ addresses the IPR/administrative one in a way with which we can all be comfortable before being asked to decide whether AppsAWG should
> take this up.   If asked to make a decision without such a draft
> having been posted, I would vote "no".
>    john

[ZÖr] There is nothing I can add here that I have not said already. I have received a good deal of comments offline. I plan on addressing those, uploading a revision, checking in with Alessandro and addressing the rest of the comments later either as a new draft of an update.
Comments, new draft, comments, new drafts. Isn't it already a "work being done" in IETF driven by interest of individuals? Feels like normal IETF procedure to me. Just a thought.

This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.