Re: [Asrg] Spam button scenarios

Martijn Grooten <martijn.grooten@virusbtn.com> Mon, 08 February 2010 16:23 UTC

Return-Path: <martijn.grooten@virusbtn.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0F1533A720B for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 08:23:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.482
X-Spam-Level:
X-Spam-Status: No, score=-3.482 tagged_above=-999 required=5 tests=[AWL=-1.039, BAYES_00=-2.599, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vy-zwq8hnluU for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 08:23:54 -0800 (PST)
Received: from mx6.sophos.com (mx6.sophos.com [213.31.172.36]) by core3.amsl.com (Postfix) with ESMTP id D7E0C3A7438 for <asrg@irtf.org>; Mon, 8 Feb 2010 08:23:52 -0800 (PST)
Received: from mx6.sophos.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 83DF51E0019 for <asrg@irtf.org>; Mon, 8 Feb 2010 16:24:54 +0000 (GMT)
Received: from uk-exch1.green.sophos (uk-exch1.green.sophos [10.100.199.16]) by mx6.sophos.com (Postfix) with ESMTP id 6135D1E0018 for <asrg@irtf.org>; Mon, 8 Feb 2010 16:24:54 +0000 (GMT)
Received: from UK-EXCHMBX1.green.sophos ([fe80:0000:0000:0000:e1bd:d3c1:23.222.229.221]) by uk-exch1.green.sophos ([192.168.5.67]) with mapi; Mon, 8 Feb 2010 16:24:54 +0000
From: Martijn Grooten <martijn.grooten@virusbtn.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Date: Mon, 8 Feb 2010 16:24:52 +0000
Thread-Topic: [Asrg] Spam button scenarios
Thread-Index: AcqoiA0h5XONIwFgTcC1WvTCJcur1QAUA0Gw
Message-ID: <18B53BA2A483AD45962AAD1397BE1325379D090D54@UK-EXCHMBX1.green.sophos>
References: <alpine.BSF.2.00.1002080111310.16135@simone.lan>
In-Reply-To: <alpine.BSF.2.00.1002080111310.16135@simone.lan>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Asrg] Spam button scenarios
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2010 16:23:55 -0000

> A) User has multiple incoming accounts, presses the spam button, and
> the
> outbound MSA doesn't match the incoming account.  Hence the report goes
> via unrelated third parties that might snoop on it.  Do we care?  The
> user
> has said it's spam, after all.

In theory this may be an issue for a small number of organizations, because if TiS buttons are being used by a large enough number of users, then some of these users will click TiS for legitimate emails, and some of these emails will actually contain confidential information and a still non-zero number of reports will go via unrelated third parties. In practise I would imagine the risk of confidential data leaking through other routes to be significantly bigger. (And of course nothing will stop, say, the CIA from disabling the sending of TiS reports altogether. Or paranoid company X from scanning outbound TiS reports for confidential information.)

> C) I have a Gmail account and a Yahoo account.  The Gmail account is
> set
> up to fetch my Yahoo mail so I can see it all in one place.  I use
> Gmail's
> IMAP server to read my mail.  (I really do this, by the way.)  I hit
> the
> spam button.  Who should get the report?
>
>   1) Gmail since that's who I picked it up from
>   2) Yahoo since that's where the spam was sent
>   3) Gmail but they should also forward the report to Yahoo

3: your MUA doesn't know anything other than that it receives email from Gmail's IMAP server. You can of course tell your MUA that Gmail fetches mail from Yahoo, but not everyone is going to do that, so just sending it to Gmail would be the simplest thing to do. Gmail should know that in this scenario it also acts as an MUA and as such should forward the report to Yahoo. It could, of course, still use the report to improve its own spam filter.

Martijn.


Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.