[apps-discuss] update to rfc5965

Franck Martin <franck@peachymango.org> Sat, 06 July 2013 22:31 UTC

http://tools.ietf.org/html/rfc5965 

Specifies the Abuse Reporting Format for emails.

2.d indicates the report should contain either the headers of the reported email as a text/rfc822-headers MIME part or the complete message as a message/rfc822. However, if the message reported contains spam, virus, bad links, or in general malware, the complete report is likely to be discarded by the receiver's anti-spam filters, never reaching abuse desks for processing.

It is common amongst security professionals to exchange such dangerous payloads as an encrypted zip file with the common password "infected". This format makes it possible to bypass anti-spam filters, as the MTA/MUA is not able to decrypt the attachment to analyze the content.

It is difficult to request abuse desks to create a separate email infrastructure for abuse@example.com and especially to disable anti-spam and anti-virus checks. Some of these addresses are part of email hosted in the cloud.

I suggest we add the possibility to send the complete email as a message/rfc822 email within either an encrypted zip file or within a GPG symmetrically encrypted file, both using the common password "infected".

The MIME type should be 
message/rfc822-zip-crypt for an encrypted zip file 
message/rfc822-gpg-crypt for the gpg encrypted file 

gpg and zip are widely used on many systems. 

I'm gathering comments, and will tentatively write a draft if no major block is received.
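
An abuse desk receiving such reports would have to recognise the two proposed media types next to the two that RFC 5965 already allows for the third part. The sketch below is an added example, not part of the original message: it checks the three-part ARF layout with Python's standard library and classifies the third part. The sample report, its addresses and the function names are constructed for illustration, and the two `-crypt` types are the ones proposed above, not part of RFC 5965.

```python
import email
from email import policy

# Third-part media types: the two from RFC 5965, plus the two proposed in this message.
# Value is (kind, encrypted); encrypted means a content filter cannot inspect it.
EVIDENCE = {
    "text/rfc822-headers": ("headers-only", False),
    "message/rfc822": ("full-message", False),
    "message/rfc822-zip-crypt": ("encrypted-zip", True),  # proposed type
    "message/rfc822-gpg-crypt": ("encrypted-gpg", True),  # proposed type
}
REQUIRED = ("Feedback-Type", "User-Agent", "Version")  # required ARF report fields

def sample_report(evidence_type, body):
    """Constructed ARF report text; all addresses and values are made up."""
    return (
        "From: reporter@example.net\nTo: abuse@example.com\nSubject: FW: abuse report\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=feedback-report; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nThis is an abuse report.\n"
        "--b1\nContent-Type: message/feedback-report\n\n"
        "Feedback-Type: abuse\nUser-Agent: ExampleReporter/1.0\nVersion: 1\n\n"
        f"--b1\nContent-Type: {evidence_type}\n\n{body}\n--b1--\n"
    )

def classify_report(raw):
    """Return (feedback_type, evidence_kind, encrypted) or raise ValueError."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "feedback-report"):
        raise ValueError("not an ARF report")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) < 3 or parts[1].get_content_type() != "message/feedback-report":
        raise ValueError("missing ARF parts")
    # The stdlib parser exposes a message/* body as a nested message,
    # so the report fields are readable as its headers.
    fields = parts[1].get_payload()[0]
    missing = [name for name in REQUIRED if name not in fields]
    if missing:
        raise ValueError(f"missing report fields: {missing}")
    ctype = parts[2].get_content_type()
    kind = EVIDENCE.get(ctype)
    if kind is None:
        raise ValueError(f"unsupported evidence type: {ctype}")
    return (str(fields["Feedback-Type"]).lower(), *kind)
```
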