Re: [Asrg] Adding a spam button to MUAs

Al Iverson <aiverson@spamresource.com> Wed, 03 February 2010 00:29 UTC

Return-Path: <aiverson@spamresource.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B33723A6BAA for <asrg@core3.amsl.com>; Tue, 2 Feb 2010 16:29:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.821
X-Spam-Level:
X-Spam-Status: No, score=-1.821 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q36jKW9EGnm9 for <asrg@core3.amsl.com>; Tue, 2 Feb 2010 16:29:08 -0800 (PST)
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.26]) by core3.amsl.com (Postfix) with ESMTP id BDF603A6BA9 for <asrg@irtf.org>; Tue, 2 Feb 2010 16:29:07 -0800 (PST)
Received: by ey-out-2122.google.com with SMTP id 9so157240eyd.27 for <asrg@irtf.org>; Tue, 02 Feb 2010 16:29:45 -0800 (PST)
MIME-Version: 1.0
Received: by 10.216.86.132 with SMTP id w4mr924453wee.87.1265156985173; Tue, 02 Feb 2010 16:29:45 -0800 (PST)
In-Reply-To: <1265090468.19504.22.camel@darkstar.netcore.co.in>
References: <20100201145903.30670.qmail@simone.iecc.com> <3741B85B916D847C703F2724@lewes.staff.uscs.susx.ac.uk> <A50C736E-EE14-4213-B99D-DD58C669FDAC@blighty.com> <100201092326.ZM5487@torch.brasslantern.com> <4B67ADC2.4080204@nortel.com> <1265090468.19504.22.camel@darkstar.netcore.co.in>
Date: Tue, 02 Feb 2010 18:29:45 -0600
Message-ID: <e0c581531002021629r1c54c2bdy8d550c410497f677@mail.gmail.com>
From: Al Iverson <aiverson@spamresource.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Re: [Asrg] Adding a spam button to MUAs
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2010 00:29:08 -0000

On Tue, Feb 2, 2010 at 12:01 AM, ram <ram@netcore.co.in> wrote:

> The MUA must also have proper time outs so as to cut-off malicious fbl urls

And any sort of FBL-via-MUA process should be opt-in, as well.
Checking only for a signature means bad guys signing mail can direct
where the feedback goes when you hit "this is spam." That data could
be misused to confirm email addresses, telling a spammer "we got a
live one" and making the email address worth selling.

Come to think of it, I don't think this should be core MUA
functionality. Even though I work for an ESP and would want the
feedback, I see too much opportunity for abuse. I'd rather see
third-party "report spam" plugins wherein that third party can make
the determination on where and whether or not to route a report. If
that third party doesn't trust or know about the sender, a report
would hopefully not be sent.

Regards,
Al Iverson