Re: [Asrg] Adding a spam button to MUAs

Al Iverson, Wed, 03 February 2010 00:29 UTC

To: Anti-Spam Research Group - IRTF

On Tue, Feb 2, 2010 at 12:01 AM, ram wrote:

> The MUA must also have proper time outs so as to cut-off malicious fbl urls

And any sort of FBL-via-MUA process should be opt-in, as well.
Checking only for a signature means bad guys signing mail can direct
where the feedback goes when you hit "this is spam." That data could
be misused to confirm email addresses, telling a spammer "we got a
live one" and making the email address worth selling.

Come to think of it, I don't think this should be core MUA
functionality. Even though I work for an ESP and would want the
feedback, I see too much opportunity for abuse. I'd rather see
third-party "report spam" plugins wherein that third party can make
the determination on where and whether or not to route a report. If
that third party doesn't trust or know about the sender, a report
would hopefully not be sent.

Al Iverson
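
The routing decision described in the message above, sketched as an added example that is not part of the original post or of any real plugin. The registry contents, field names and addresses are hypothetical and constructed for illustration; signature verification is assumed to have happened already.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed registry kept by the hypothetical third-party reporting service:
# senders it knows and trusts, mapped to the report address it has on file.
KNOWN_SENDERS = {
    "esp.example": "fbl@esp.example",
    "news.example": "abuse-reports@news.example",
}

@dataclass
class Message:
    signing_domain: Optional[str]  # domain of a signature that verified, else None
    advertised_fbl: Optional[str]  # report address the message asks for (untrusted)

@dataclass
class Decision:
    send: bool
    destination: Optional[str]
    reason: str

def route_report(msg: Message, user_opted_in: bool) -> Decision:
    """Decide whether and where a 'this is spam' click produces a report."""
    if not user_opted_in:
        return Decision(False, None, "user has not opted in to feedback reports")
    if msg.signing_domain is None:
        return Decision(False, None, "no verified signature")
    on_file = KNOWN_SENDERS.get(msg.signing_domain.lower())
    if on_file is None:
        # A valid signature alone says nothing about intent: an unknown signer
        # could use the report to confirm that the address is live.
        return Decision(False, None, "signer not known to the reporting service")
    # msg.advertised_fbl is never used: the destination comes from the registry.
    return Decision(True, on_file, "known sender, registry address used")

def demo():
    samples = [  # constructed messages
        (Message("esp.example", "fbl@esp.example"), True),
        (Message("spammer.example", "confirm@spammer.example"), True),
        (Message("esp.example", "confirm@spammer.example"), True),
        (Message("esp.example", "fbl@esp.example"), False),
    ]
    return [route_report(m, opt) for m, opt in samples]

if __name__ == "__main__":
    for d in demo():
        print(d)
```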