[Asrg] An "ideal" false positive (TMGRS take 2)

Alessandro Vesely <vesely@tana.it> Thu, 28 January 2010 18:04 UTC

Return-Path: <vesely@tana.it>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 095103A6AB3 for <asrg@core3.amsl.com>; Thu, 28 Jan 2010 10:04:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.884
X-Spam-Status: No, score=-4.884 tagged_above=-999 required=5 tests=[AWL=-0.165, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id 6ny+CCSu8vWN for <asrg@core3.amsl.com>; Thu, 28 Jan 2010 10:04:28 -0800 (PST)
Received: from wmail.tana.it (www.tana.it []) by core3.amsl.com (Postfix) with ESMTP id 185B13A6AB1 for <asrg@irtf.org>; Thu, 28 Jan 2010 10:04:27 -0800 (PST)
Received: from [] (pcale.tana []) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Thu, 28 Jan 2010 19:04:43 +0100 id 00000000005DC035.000000004B61D1BB.00000C3F
Message-ID: <4B61D1BA.6060807@tana.it>
Date: Thu, 28 Jan 2010 19:04:42 +0100
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20090812 Thunderbird/ Mnenhy/
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Asrg] An "ideal" false positive (TMGRS take 2)
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2010 18:04:29 -0000

Alice reports as spam a message from Bob, either by mistake or out of 
curiosity. Statistically irrelevant as this fact is, ignoring it will 
convey the impression that TIS buttons represent a somewhat garbled 
functionality. What should happen in an ideal case?

IMHO: The abuse report (AR) is received by Alice's server --the one 
responsible for receiving. This server determines that the message had 
been sent by Bob's server --the one responsible for sending. Assume 
that Alice's server trusts Bob's one, then the former may forward the 
AR to the latter. Bob had authenticated himself for sending that 
message, hence his server can send him a warning that he shouldn't 
have sent spam, with the AR attached. The readable text in the ARF may 
mention the trust chain. In this case, it is Bob who determines that 
this AR is an FP. He may ask for human inspection of the message, 
unless Alice retracts her report. IOW, human inspection of spam is 
only required in case of dispute.

Does this shed some light on the role of an external service? 
Normally, if Alice and Bob have different domains, there is no trust 
relationship between their servers. Therefore, Alice's server should 
route the AR through the trusted external service that vouched for 
Bob's server. No vouch, no FBL.

I think the "external service" /is/ the MGRS. All what it has to know 
is that Bob's server is not a bot nor a spammer, although some users 
there may occasionally fall into temptation. By monitoring all ARs 
concerning a given MTA, it can ascertain whether its postmaster do 
stop local spammers: it can both track individual ESMTPSA senders, and 
determine the spam rate against the number of /good/ VBR DNS lookups. 
The rest is policy (how does an MTA assess new users, how it stops bad 
senders, how it solves disputes) and protocol (how to avoid multiple 
FBLs in case of multiple vouchers, how to track mailing list 
subscriptions, et cetera.)