Re: [Asrg] Adding a spam button to MUAs

Bart Schaefer <schaefer@brasslantern.com> Fri, 05 February 2010 02:58 UTC

Return-Path: <schaefer@closedmail.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C84A3A6991 for <asrg@core3.amsl.com>; Thu, 4 Feb 2010 18:58:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.443
X-Spam-Level:
X-Spam-Status: No, score=-2.443 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eMVW5h7ODVZh for <asrg@core3.amsl.com>; Thu, 4 Feb 2010 18:58:24 -0800 (PST)
Received: from vms173013pub.verizon.net (vms173013pub.verizon.net [206.46.173.13]) by core3.amsl.com (Postfix) with ESMTP id AFA9B3A6878 for <asrg@irtf.org>; Thu, 4 Feb 2010 18:58:24 -0800 (PST)
Received: from torch.brasslantern.com ([unknown] [173.67.92.79]) by vms173013.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTPA id <0KXC002VBLLQEG72@vms173013.mailsrvcs.net> for asrg@irtf.org; Thu, 04 Feb 2010 20:58:43 -0600 (CST)
Received: from torch.brasslantern.com (localhost.localdomain [127.0.0.1]) by torch.brasslantern.com (8.13.1/8.13.1) with ESMTP id o152wYPR011046 for <asrg@irtf.org>; Thu, 04 Feb 2010 18:58:34 -0800
Received: (from schaefer@localhost) by torch.brasslantern.com (8.13.1/8.13.1/Submit) id o152wYdW011045 for asrg@irtf.org; Thu, 04 Feb 2010 18:58:34 -0800
From: Bart Schaefer <schaefer@brasslantern.com>
Message-id: <100204185834.ZM11044@torch.brasslantern.com>
Date: Thu, 04 Feb 2010 18:58:34 -0800
In-reply-to: <7AC9CB85-1F82-4FD8-8411-F45E74EE6A59@blighty.com>
Comments: In reply to Steve Atkins <steve@blighty.com> "Re: [Asrg] Adding a spam button to MUAs" (Feb 4, 4:18pm)
References: <20100204232046.53178.qmail@simone.iecc.com> <4B6B5F78.3070607@nortel.com> <7AC9CB85-1F82-4FD8-8411-F45E74EE6A59@blighty.com>
X-Mailer: OpenZMail Classic (0.9.2 24April2005)
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Subject: Re: [Asrg] Adding a spam button to MUAs
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2010 02:58:25 -0000

On Feb 4,  4:18pm, Steve Atkins wrote:
}
} There's a subtle implication, which is that if you're stashing the
} ARF consumer address in a header, and your MX isn't overwriting (or
} stripping) that header, then it's possible that spam reports could
} be sent to the preferred reporting address of someone further up
} the delivery chain. I see this as an advantage, but it needs to be
} mentioned.

This is exactly the point I was making, over at the head of another
sub-thread.  If a reporting address can come in from somewhere up the
chain, then it can come in *forged*, and whatever software is going
to interpret the address needs a defense against that.

Numerous proposals for dealing with this (and arguments about why it
isn't necessary, or in Rich's case, why it's irrelevant) have already
been bandied about.