Re: [Asrg] Iteration #3.

Daniel Feenberg <feenberg@nber.org> Sun, 07 February 2010 16:42 UTC

Return-Path: <feenberg@nber.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1944A3A7241 for <asrg@core3.amsl.com>; Sun, 7 Feb 2010 08:42:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.348
X-Spam-Level:
X-Spam-Status: No, score=-6.348 tagged_above=-999 required=5 tests=[AWL=0.250, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qxwV3hsbpkY8 for <asrg@core3.amsl.com>; Sun, 7 Feb 2010 08:42:55 -0800 (PST)
Received: from mail2.nber.org (mail2.nber.org [66.251.72.79]) by core3.amsl.com (Postfix) with ESMTP id DBFD63A723F for <asrg@irtf.org>; Sun, 7 Feb 2010 08:42:54 -0800 (PST)
Received: from nber6.nber.org (nber6.nber.org [66.251.72.76]) by mail2.nber.org (8.14.3/8.13.8) with ESMTP id o17GhmCu035555 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT); Sun, 7 Feb 2010 11:43:48 -0500 (EST) (envelope-from feenberg@nber.org)
Received: from nber6.nber.org (localhost [127.0.0.1]) by nber6.nber.org (8.13.8+Sun/8.12.10) with ESMTP id o17GgSmZ017095; Sun, 7 Feb 2010 11:42:28 -0500 (EST)
Received: from localhost (Unknown UID 1079@localhost) by nber6.nber.org (8.13.8+Sun/8.13.8/Submit) with ESMTP id o17GgRF2017092; Sun, 7 Feb 2010 11:42:28 -0500 (EST)
X-Authentication-Warning: nber6.nber.org: Unknown UID 1079 owned process doing -bs
Date: Sun, 7 Feb 2010 11:42:25 -0500 (EST)
From: Daniel Feenberg <feenberg@nber.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-Reply-To: <20100207163040.5693.qmail@simone.iecc.com>
Message-ID: <Pine.GSO.4.64.1002071137350.16286@nber6.nber.org>
References: <20100207163040.5693.qmail@simone.iecc.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE, bases: 20100207 #3446038, check: 20100207 clean
Subject: Re: [Asrg] Iteration #3.
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2010 16:42:56 -0000

On Sun, 7 Feb 2010, John Levine wrote:

>> For this reason the MTA operator would probably want to discard
>> messages to the arf reporting address unless they were submitted via
>> the MSA submission port, or came from inside the MTA operators own
>> network.
>
> That doesn't sound like a very good idea.  When I was providing mail
> for the customers of a local web hosting company, I tried really hard
> to get them to use my MSA, since it made the management and trouble
> diagnosis a lot easier.  No matter what I did, I never got more than
> half of them to do so.  The rest just used some other account,
> generally their local ISP, because it mostly worked.
>
> These days lots of people pick up their mail from Gmail, but who knows
> how they send it.  I know people who have Gmail pick up their ISP
> mailbox since they like the sorting and spam filtering better, but did
> they change their outgoing setup?  I doubt it.
>
> Once again, I would ask people to try really hard to avoid assuming
> that all, or even many, mail systems are just like yours, since that
> leads to false assumtions and poor designs.

I said "probably". There are certainly other ways the MTA operator could 
distinguish legitimate reports from forgeries, if necessary.

Daniel Feenberg

>
> R's,
> John
>
>
>
> _______________________________________________
> Asrg mailing list
> Asrg@irtf.org
> http://www.irtf.org/mailman/listinfo/asrg
>