Re: [Asrg] Report-as-Spam header
Alessandro Vesely <vesely@tana.it> Mon, 11 June 2012 14:27 UTC
Return-Path: <vesely@tana.it>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id B4EC121F850C for <asrg@ietfa.amsl.com>;
Mon, 11 Jun 2012 07:27:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.719
X-Spam-Level:
X-Spam-Status: No, score=-4.719 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245,
RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b0R6yx1w5u0R for
<asrg@ietfa.amsl.com>; Mon, 11 Jun 2012 07:27:35 -0700 (PDT)
Received: from wmail.tana.it (mail.tana.it [62.94.243.226]) by ietfa.amsl.com
(Postfix) with ESMTP id B9B8821F84EC for <asrg@irtf.org>;
Mon, 11 Jun 2012 07:27:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=test;
t=1339424852; bh=N6pOBo5LPT22ZpfLCTJpiu4LHPukvqm8RDZfi7A5ocY=; l=2575;
h=Message-ID:Date:From:MIME-Version:To:References:In-Reply-To: Content-Transfer-Encoding;
b=DDDN+4pZ8iKcMpuIJ65b+rfkFZ2TqTVXI/G7sN8ilhuVserDDEHGCdO39h7WSrhE1
BvzJswOL/bRE2LHVmbfIx/7vIXLQCbNbhlwdLyr4jgvMtmD8znak14xHsTMxOpw7bj
2qXuhXp6nYI1J4qFOPK4eyJBYfCVhYJR9BsPUTqU=
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5
515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA;
Mon, 11 Jun 2012 16:27:32 +0200 id 00000000005DC033.000000004FD60054.00007C42
Message-ID: <4FD60054.9060706@tana.it>
Date: Mon, 11 Jun 2012 16:27:32 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows NT 5.1;
rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: asrg@irtf.org
References: <4FD4CAA4.5050006@swiftspirit.co.za>
<6.2.5.6.2.20120610123350.0939fc28@resistor.net>
<4FD567DB.2080407@swiftspirit.co.za>
In-Reply-To: <4FD567DB.2080407@swiftspirit.co.za>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] Report-as-Spam header
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>,
<mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
<mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jun 2012 14:27:35 -0000
On Mon 11/Jun/2012 05:36:59 +0200 Brendan Hide wrote: > > Legitimate bulk mail services are already successfully using simple > headers and unique IDs. Typically their "unsubscribe" and > "report-as-spam" links embedded in the headers and in the mail itself > all use the same ID with only the URL being slightly different, for > example /unsubscribe?id=xyz and /report?id=xyz. This has required > minimal investment and research for the providers to implement yet, in > theory, it already achieves a reporting mechanism that can be > automated. The only hindrance with this type of reporting is critical > mass and standardisation. I'm not aware of any two bulk mail services > that use the same format or header. Having such links is required by law in some countries. However, some of them just don't work. Some of them seem to work and tell recipients they're unsubscribed from stream "xyz", but then they get spam with /unsubscribe?id=xyzbis, /unsubscribe?id=xyzter, and so forth. In addition, spammers can add such kind of links pretending to be a reputable originator, in the same way that they fake "From:" and "Return-Path:" header fields. Thus, getting at least a part of the header and body of reported messages would seem to be appropriate in order to reliably determine the originator's identity. > A concern I'm looking at is development time and achievable results. > How many days and lines of code will it take to implement a > server-side report-as-spam header (and corresponding support in MUAs) > vs implementing the reporting mechanisms the IETF MARF Working Group > are working on? A disadvantage of reporting spam directly, from final recipients to senders, is that each end user would have to keep track of the complaints she sent. The reporting entity needs to assess the trustworthiness of each sender, at least to the extent of learning whether abuse reporting has any effect. For example, in some cases it may be better to send reports to the sender's network provider. Thus, it may be convenient to delegate abuse reporting to a trusted central service, such as the recipient's mailbox provider. In the latter scenario, MUA support can be limited to flagging messages to be reported as spam. It would work much like "spam" buttons on webmail sites. That strategy requires less updates to MUA functionality, as it is sufficient to upgrade server software on both sides. However, server software itself is not updated as often as needed, since there are still MXex that understand HELO but not EHLO.
- [Asrg] Report-as-Spam header Brendan Hide
- Re: [Asrg] Report-as-Spam header SM
- Re: [Asrg] Report-as-Spam header Brendan Hide
- Re: [Asrg] Report-as-Spam header SM
- Re: [Asrg] Report-as-Spam header Alessandro Vesely
- Re: [Asrg] Report-as-Spam header John Levine
- Re: [Asrg] Report-as-Spam header Brendan Hide
- Re: [Asrg] Report-as-Spam header Brendan Hide
- Re: [Asrg] Report-as-Spam header Brendan Hide