[Asrg] Adding a spam button to MUAs

"John R. Levine" <johnl@iecc.com> Wed, 09 December 2009 05:35 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id AA7FB3A68FD for <asrg@core3.amsl.com>; Tue, 8 Dec 2009 21:35:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -19.121
X-Spam-Status: No, score=-19.121 tagged_above=-999 required=5 tests=[AWL=-0.078, BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3, RCVD_IN_DNSWL_HI=-8, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id AJrj88YWzqTB for <asrg@core3.amsl.com>; Tue, 8 Dec 2009 21:35:17 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com []) by core3.amsl.com (Postfix) with ESMTP id 5CD7F3A6811 for <asrg@irtf.org>; Tue, 8 Dec 2009 21:35:17 -0800 (PST)
Received: (qmail 75184 invoked from network); 9 Dec 2009 05:35:04 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent:cleverness; s=k0912; bh=mb6LcwN+5UuZLwyqMGWa8JvAE8e8uHH2AnYy0pePHJU=; b=NdyFxvmWU8b75qqSv/ZgxiECxgo02nNKdA/b84nDGb+5T178u6NJIX/57JND/rCZmCzdjIseSKDyPoGqqihF50zWOK9bVB+ch5zMsBBz+nP6SX1foiVHTEdUPhP/kZq4wFcvPfQ8TIE4fEQPAEtV0PLL2HO4guUNhhlHGaF/blw=
Received: (ofmipd with (DHE-RSA-AES256-SHA encrypted) SMTP; 9 Dec 2009 05:34:41 -0000
Date: 9 Dec 2009 00:35:03 -0500
Message-ID: <alpine.BSF.2.00.0912082138050.20682@simone.lan>
From: "John R. Levine" <johnl@iecc.com>
To: "Anti Spam Research Group" <asrg@irtf.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Subject: [Asrg] Adding a spam button to MUAs
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2009 05:35:18 -0000

Most web mail systems have a spam or junk button that lets a user report 
unwanted mail to his ISP.  The ISP does whatever it does, typically tune 
their spam filters, and perhaps send a feedback report if the message is 
from someone with whom they have an FBL agreement.

Lots of us don't use web mail.  We use POP or IMAP to pick up our mail, 
and SUMBIT to send it.  How would we add a spam button in our MUAs work?

An obvious approach would be to pack up the message in an ARF report and 
mail it somewhere.  I don't think that would work, because MUAs these days 
can handle multiple inbound and outbound accounts, with the various 
accounts only loosely connected.  I have users who pick up their mail 
here, but send via their ISP's mail server and vice versa.  If you were to 
send the report via SMTP you might well send it to someone who'd never 
seen the message before.

So the report needs to be tied to the inbound account.  For IMAP accounts, 
a simple approach is to have an IMAP spam folder, and move the message 
there.  AOL does this in their IMAP access, so I suppose that makes it a 
de-facto standard.  POP is harder, since there's nothing I can see that 
would obviously do the trick.  If you could assume that the message was 
still on the server, you could have a JUNK command that provided the UIDL 
of the message to report, but in typical POP setups, the messages are 
downloaded and deleted from the server before the user sees them.  The 
alternative is to add a command to upload the junk message, e.g.

   +OK send the message
blah blah copy of downloaded message blah blah
   +OK junk reported

That's workable, although it's slow since it has to upload the entire 
message, and it may be hard for MUAs to implement since they often add 
annotations to the downloaded messages that would confuse the server if 
handed back.

Yet another possibility would be a command for the POP server that 
provides an address to which to the MUA can send an ARF report, keeping in 
mind that the report may take a roundabout route if the MUA is set up to 
use someone else's SUBMIT server.  The address would presumably be obscure 
and time limited, with the user's mailbox somehow encoded into it, so that 
the server can recognize the report when it arrives, and to limit the 
chances of random spam that happens to arrive at the reporting 
addresses being misinterpreted as a junk report.

Any bright ideas?  Is there a way to make this work with POP that isn't 
an utter kludge?