Re: [Asrg] ARF traffic, was Spam button scenarios

Steve Atkins <steve@blighty.com> Tue, 09 February 2010 19:24 UTC

Return-Path: <steve@blighty.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AE4ED3A75A8 for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 11:24:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.458
X-Spam-Level:
X-Spam-Status: No, score=-6.458 tagged_above=-999 required=5 tests=[AWL=-0.015, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LlFiEKpRShlr for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 11:24:29 -0800 (PST)
Received: from m.wordtothewise.com (fruitbat.wordtothewise.com [208.187.80.135]) by core3.amsl.com (Postfix) with ESMTP id 008D13A742D for <asrg@irtf.org>; Tue, 9 Feb 2010 11:24:29 -0800 (PST)
Received: from platterhard.wordtothewise.com (184.wordtothewise.com [208.187.80.184]) by m.wordtothewise.com (Postfix) with ESMTP id 79F1C4F853C for <asrg@irtf.org>; Tue, 9 Feb 2010 11:25:36 -0800 (PST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1077)
From: Steve Atkins <steve@blighty.com>
In-Reply-To: <4B71B575.7050107@tana.it>
Date: Tue, 9 Feb 2010 11:25:36 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <6B755324-E7B2-4EE3-B059-35FD0F74EDA7@blighty.com>
References: <20100208150513.49394.qmail@simone.iecc.com> <0BF553ABE600903AE55F0E89@lewes.staff.uscs.susx.ac.uk> <4B718E2A.5070304@tana.it> <D0AC3DDE-3995-4EE9-9914-30E2831BAE22@blighty.com> <4B71A3D8.40401@tana.it> <4B71A96D.8060909@nortel.com> <4B71B575.7050107@tana.it>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
X-Mailer: Apple Mail (2.1077)
Subject: Re: [Asrg] ARF traffic, was Spam button scenarios
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2010 19:24:29 -0000

On Feb 9, 2010, at 11:20 AM, Alessandro Vesely wrote:

> On 09/Feb/10 19:29, Chris Lewis wrote:
>> Alessandro Vesely wrote:
>>> form abuse@domain is standardized by rfc 2142. Some people (e.g.
>>> Abusix) may plan to send machine generated complaints at such addresses.
>> 
>> And they'll learn very very soon that that doesn't work.
>> 
>> Been there/done that in a limited fashion, and even in that limited
>> fashion, it don't work.
> 
> Why not, _what_ goes wrong?
> 
>> Do NOT assume that TiS buttons have anything to do whatsoever with
>> RFC2142, standardized role accounts, or whois "abuse-mailbox" entries.
>> 
>> Filter tuning doesn't, nor do FBLs (ARF'd or otherwise). While abuse@
>> _may_ get derivations of TiS reports via ARF in some specific cases that
>> are pre-arranged in advance, in no sense should we encourage such role
>> accounts to be target for a raw MUA (or even MTA) stream of complaints.
> 
> It seems to me that a simple filter could determine ARF/non-ARF quality of a message in a fraction of the time that spamassassing would take to process it, assuming abuse@ boxes are whitelisted.

You (and others) are obsessing about the MIME format of inbound email, which is something of a scarlet fish.

Any real ISP is going to be getting ARF formatted reports from all over the place, most solicited, some not. So it's not really much more meaningful than the mail coming in as MIME or in German, or with an attachment.

What you need to be able to identify is who sent it to you, for what purpose, under what agreement and what you need to do with the data in it. Those are entirely orthogonal to the trivial implementation detail of the MIME structure of the email. Once you've done that, then you know what you need to do with the mail, and the details of how it's formatted become relevant.

Cheers,
  Steve