Re: [Asrg] Iteration #3.

John Levine <johnl@taugh.com> Sun, 07 February 2010 19:49 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0D4BD3A7264 for <asrg@core3.amsl.com>; Sun, 7 Feb 2010 11:49:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.808
X-Spam-Level:
X-Spam-Status: No, score=-14.808 tagged_above=-999 required=5 tests=[AWL=-4.209, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 304RZ6GBjGs4 for <asrg@core3.amsl.com>; Sun, 7 Feb 2010 11:49:21 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by core3.amsl.com (Postfix) with ESMTP id D4C9D3A7102 for <asrg@irtf.org>; Sun, 7 Feb 2010 11:49:20 -0800 (PST)
Received: (qmail 32281 invoked from network); 7 Feb 2010 19:50:19 -0000
Received: from mail1.iecc.com (208.31.42.56) by mail1.iecc.com with QMQP; 7 Feb 2010 19:50:19 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k1002; olt=johnl@user.iecc.com; bh=LWAtVH5U0xBRw3ctBI8zbkCPFhkKTW/sXTtb0AVrflk=; b=slpBFC1ElWgV7bZHdh9shwSHj8/MYK7zyr0n293KisY6ll2jaiicdwipGCAzmdAhx5v5Pbb/NUWVqrasJqp68fRCuxqSMS/LrJK++xCqFWB1+QB5P2OhMZ6WuvxXxLU1vu2g113zDIeIfcKeIMsNzoToSTlJXqyBZ848qiQTXfs=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k1002; bh=LWAtVH5U0xBRw3ctBI8zbkCPFhkKTW/sXTtb0AVrflk=; b=jmO8wkVZPUYRkhUwL/kkzqG69Xx4b801lZXng4/uFfqR7C6bTWB6gZxCxQm5BY339OQP2NMDp6UpwbtOKOeSgNPrBfAPawFT9LaPoKodg6O2XjgD//Z9vesKnTPhseoqHxKG/TaHvOteVn4BYsVkyZKon2b0nvOAC83xmJYiIcU=
Date: 7 Feb 2010 19:50:19 -0000
Message-ID: <20100207195019.53820.qmail@simone.iecc.com>
From: John Levine <johnl@taugh.com>
To: asrg@irtf.org
In-Reply-To: <4B6EF1DE.8070405@dcrocker.net>
Organization:
Cc:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] Iteration #3.
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2010 19:49:22 -0000

>For some environment, I'd expect your simple rule to be entirely adequate.

I suppose so, although I can't figure out how a system could tell that
it was in such an environment.

Since the reports all contain a message that was supposed to be
delivered by the system to which it was returned, a straightforward
way to recognize real reports would be to check the enclosed message
to see if it looked like something it had delivered.  That seems much
more robust against both malicious forgery, and plain old mistakes
where an MUA picks up mail from two different places and sends the
report to the wrong one.

R's,
John