Re: [Asrg] ARF traffic, was Spam button scenarios
"Chris Lewis" <clewis@nortel.com> Tue, 09 February 2010 18:28 UTC
Return-Path: <CLEWIS@nortel.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 035BC3A75A0 for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 10:28:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.461
X-Spam-Level:
X-Spam-Status: No, score=-6.461 tagged_above=-999 required=5 tests=[AWL=-0.018, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wdyg72QZSAiF for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 10:28:22 -0800 (PST)
Received: from zcars04e.nortel.com (zcars04e.nortel.com [47.129.242.56]) by core3.amsl.com (Postfix) with ESMTP id BA07C3A7593 for <asrg@irtf.org>; Tue, 9 Feb 2010 10:28:21 -0800 (PST)
Received: from zrtphxs1.corp.nortel.com (casmtp.ca.nortel.com [47.140.202.46]) by zcars04e.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id o19ITPI06990 for <asrg@irtf.org>; Tue, 9 Feb 2010 18:29:25 GMT
Received: from zrtphx5h0.corp.nortel.com ([47.140.202.65]) by zrtphxs1.corp.nortel.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 9 Feb 2010 13:29:24 -0500
Received: from [47.130.80.167] (47.130.80.167) by zrtphx5h0.corp.nortel.com (47.140.202.65) with Microsoft SMTP Server (TLS) id 8.1.340.0; Tue, 9 Feb 2010 13:29:24 -0500
Message-ID: <4B71A96D.8060909@nortel.com>
Date: Tue, 09 Feb 2010 13:29:01 -0500
From: Chris Lewis <clewis@nortel.com>
Organization: Nortel
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.23) Gecko/20090812 Lightning/0.9 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <20100208150513.49394.qmail@simone.iecc.com> <0BF553ABE600903AE55F0E89@lewes.staff.uscs.susx.ac.uk> <4B718E2A.5070304@tana.it> <D0AC3DDE-3995-4EE9-9914-30E2831BAE22@blighty.com> <4B71A3D8.40401@tana.it>
In-Reply-To: <4B71A3D8.40401@tana.it>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 09 Feb 2010 18:29:24.0653 (UTC) FILETIME=[CE2A3DD0:01CAA9B5]
Subject: Re: [Asrg] ARF traffic, was Spam button scenarios
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2010 18:28:23 -0000
Alessandro Vesely wrote: > On 09/Feb/10 17:45, Steve Atkins wrote: >> On Feb 9, 2010, at 8:32 AM, Alessandro Vesely wrote: >>> There's a whole theory of other ARF messages that may arrive at a domain's abuse@ mailbox. A domain's user, or someone writing to a forwarded address of that domain, writes a message that is reported as spam, either correctly or by mistake. As part of an FBL or other trust-chain, the message comes back wrapped in an ARF report at the apparently originating domain. >>> >>> The mailbox is abuse@domain in both cases. Although it may seem desirable to have different addresses for incoming and outgoing reports, I doubt such distinction will ever be effective. Indeed, the forwarded case is ambiguous. >> If you think that any part of this chain is involving mail sent to abuse@ anywhere your model of it is a long way from how I understand the situation. > > The abuse-mailbox is an attribute in some whois db (e.g. RIPE). The > form abuse@domain is standardized by rfc 2142. Some people (e.g. > Abusix) may plan to send machine generated complaints at such addresses. And they'll learn very very soon that that doesn't work. Been there/done that in a limited fashion, and even in that limited fashion, it don't work. Do NOT assume that TiS buttons have anything to do whatsoever with RFC2142, standardized role accounts, or whois "abuse-mailbox" entries. Filter tuning doesn't, nor do FBLs (ARF'd or otherwise). While abuse@ _may_ get derivations of TiS reports via ARF in some specific cases that are pre-arranged in advance, in no sense should we encourage such role accounts to be target for a raw MUA (or even MTA) stream of complaints. > I agree that's a possibility. I've proposed abuse@authserv-id, which > may or may not be simpler. I don't think it makes a big difference. @authserv-id may well be a good idea, but _not_ to "abuse" or any other pre-existing role account intended, as in the old way, for human consumption. > Yes, but I've used abuse@tana.it for the FBL(s) I've subscribed to. > Perhaps if I had a ponderous ARF traffic I'd be better off using a > different address. However, that would be more of a nuisance if then > I'd have to redirect there other ARF messages that somehow reach the > abuse mailbox instead of my dedicated address. It'd be more than a nuisance if the standard forces a one-size-fits-all targetting of all MUA-generated ARFs at abuse@everywhere. Best to simply not go there.
- Re: [Asrg] Spam button scenarios Steve Atkins
- [Asrg] Spam button scenarios John R. Levine
- Re: [Asrg] Spam button scenarios Daniel Feenberg
- Re: [Asrg] Spam button scenarios Ian Eiloart
- Re: [Asrg] Spam button scenarios Andreas Saurwein Franci Gonçalves
- Re: [Asrg] Spam button scenarios John Levine
- Re: [Asrg] Spam button scenarios Ian Eiloart
- Re: [Asrg] Spam button scenarios Alessandro Vesely
- Re: [Asrg] Spam button scenarios Ian Eiloart
- Re: [Asrg] Spam button scenarios John Levine
- Re: [Asrg] Spam button scenarios Derek Diget
- Re: [Asrg] Spam button scenarios Martijn Grooten
- Re: [Asrg] Spam button scenarios der Mouse
- Re: [Asrg] Spam button scenarios Bill Weinman
- Re: [Asrg] Spam button scenarios Chris Lewis
- Re: [Asrg] Spam button scenarios Seth
- Re: [Asrg] Spam button scenarios Steve Atkins
- Re: [Asrg] Spam button scenarios Martijn Grooten
- Re: [Asrg] Spam button scenarios John Levine
- Re: [Asrg] Spam button scenarios Ian Eiloart
- Re: [Asrg] Spam button scenarios Ian Eiloart
- [Asrg] ARF traffic, was Spam button scenarios Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios Steve Atkins
- Re: [Asrg] ARF traffic, was Spam button scenarios Ian Eiloart
- Re: [Asrg] ARF traffic, was Spam button scenarios Steve Atkins
- Re: [Asrg] ARF traffic, was Spam button scenarios Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios Steve Atkins
- Re: [Asrg] ARF traffic, was Spam button scenarios Chris Lewis
- Re: [Asrg] ARF traffic, was Spam button scenarios Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios Steve Atkins
- Re: [Asrg] ARF traffic, was Spam button scenarios Chris Lewis
- Re: [Asrg] ARF traffic, was Spam button scenarios Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios Ian Eiloart
- Re: [Asrg] ARF traffic, was Spam button scenarios Ian Eiloart