Re: [Asrg] We don't need no stinkin IMAP or POP, was Adding a spam button to MUAs

Alessandro Vesely <vesely@tana.it> Sun, 07 February 2010 08:21 UTC

Return-Path: <vesely@tana.it>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E49EB3A7184 for <asrg@core3.amsl.com>; Sun, 7 Feb 2010 00:21:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.602
X-Spam-Level:
X-Spam-Status: No, score=-4.602 tagged_above=-999 required=5 tests=[AWL=-0.039, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id abU-dRWrbZln for <asrg@core3.amsl.com>; Sun, 7 Feb 2010 00:21:07 -0800 (PST)
Received: from wmail.tana.it (www.tana.it [62.94.243.226]) by core3.amsl.com (Postfix) with ESMTP id A293F3A7183 for <asrg@irtf.org>; Sun, 7 Feb 2010 00:21:07 -0800 (PST)
Received: from mach-4.tana.it (mach-4.tana.it [194.243.254.189]) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Sun, 07 Feb 2010 09:22:02 +0100 id 00000000005DC033.000000004B6E782A.000053AA
Message-ID: <4B6E7910.7040806@tana.it>
Date: Sun, 07 Feb 2010 09:25:52 +0100
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <20100206062322.5553.qmail@simone.iecc.com> <4B6DBEC2.7010306@mtcc.com>
In-Reply-To: <4B6DBEC2.7010306@mtcc.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] We don't need no stinkin IMAP or POP, was Adding a spam button to MUAs
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2010 08:21:09 -0000

Michael Thomas wrote:
> John Levine wrote:
>> SRV has been around for 15 years, and it's intended for telling you
>> where a domain provides a particular service, which is what we're 
>> doing here.  Is there DNS software we care about that can support TXT
>> with a funny name but not SRV?
>
> I think that the dkim/spf experience is that anything beyond A and CNAME causes
> some dns providers out there to fail. Text does have the advantage that more providers 
> are supporting it because of dkim/spf. I don't think that srv has the same penetration 
> and/or use.... which is a pity because srv records are actually pretty nice in 
> theory.

Using SRV records would be consistent with similar email 
auto-configuration records defined in 
http://tools.ietf.org/html/draft-daboo-srv-email

It may be worth to note that such automatic configuration 
specification is arriving after years of manual configuration 
experience. Yet, it does not provide for automatically enabling the 
A-R field defined by RFC 5451 which, for security reasons, requires 
its field to be ignored "unless specifically enabled by the user or 
administrator after verifying that the border MTA is compliant". 
Possibly, such MTA compliance will eventually be flagged using DNS 
RRs as well, but A-R is not yet a widely deployed field.

Seeking auto-configuration for TiS buttons apparently clashes with 
the experience summarized above. Alex has described how flexible 
reporting flow could work, in a recent message. His description 
resembles the way spam complaints have been produced for many years. 
However, the reason why we want TiS buttons is that the volume of 
spam is so high that we cannot keep its pace unless we automate 
reporting. Even then, why do we want the mechanism for automatic 
reporting to also be automatically configurable?

The possible reasons that I can think of are as follows:

* users cannot determine whether their mailbox providers support
   spam reporting,

* MUAs cannot determine which is the last report-supporting MTA, if
   any, that received a given inbound message,

* most users already gave up reporting spam and won't resume unless
   presented with a fully automated tool, won't even go to the
   trouble of configuring it, or

* the reporting address isn't really fixed, and may vary without
   advice, independently of any other mailbox parameter.

Are there more? And which ones are more relevant?