Re: Proposed WG charter for "arf" (Abuse Report Format)

[Alessandro Vesely <vesely@tana.it>]

Murray S. Kucherawy wrote:
> Furthermore, some extensions to the current proposal are 
> of interest to the community, such as the means for an operator to advertise 
> an email address to which abuse reports using ARF should be sent.

Apparently, that snippet considers "generic" reports. It is not 
explicit from the proposal if that email address is going to be 
specified in the same RFC that also standardizes the ARF. Since a 
(possibly different) email address is mentioned in your dkim-reporting 
draft, I understand a generic ARF email address is not what you aim 
for. In facts, there are two obvious arguments against it:

1) When feedback reports are processed by software, it may be 
convenient to have different addresses for different types of report.

2) The primary target for "generic" abuse reports (fraud, spam, virus, 
etcetera) would be the abuse desk of the organization accountable for 
originating the message. A document specifying where the target 
address can be found should also say how to identify such accountable 
originator, which is not a marginal task for a document --or a WG-- 
dedicated to a format specification.

OTOH, there are various possible synergies. For example, some of the 
r/rs/ri/ro/rs tags that describe feedback characteristics could be 
factored out in the ARF document, so as to avoid having to repeat them 
every time. SPF's softfail result might be a good candidate for 
collecting reports about SPF checks. DKIM's key reporting policy might 
require SPF "pass" to avoid collecting reports about extraneous 
transmitters trying to forge signatures. My vhlo draft defines the 
accountable originator mentioned in (2) above. Giving room to these 
synergies may expand the WG goals beyond reporting issues, and add one 
or two "issue/achieve/submit" triplets to its milestones. Would that 
be good or bad?