Re: [Asrg] Spam button scenarios

Alessandro Vesely <vesely@tana.it> Mon, 08 February 2010 14:30 UTC

Return-Path: <vesely@tana.it>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B232A3A6D86 for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 06:30:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.324
X-Spam-Level:
X-Spam-Status: No, score=-4.324 tagged_above=-999 required=5 tests=[AWL=-0.361, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_MED=-4, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhyhlvV3eE6O for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 06:30:40 -0800 (PST)
Received: from wmail.tana.it (www.tana.it [62.94.243.226]) by core3.amsl.com (Postfix) with ESMTP id 4A5BF3A6DA9 for <asrg@irtf.org>; Mon, 8 Feb 2010 06:30:40 -0800 (PST)
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Mon, 08 Feb 2010 15:31:41 +0100 id 00000000005DC031.000000004B70204D.000024F5
Message-ID: <4B70204C.10307@tana.it>
Date: Mon, 08 Feb 2010 15:31:40 +0100
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: asrg@irtf.org
References: <alpine.BSF.2.00.1002080111310.16135@simone.lan>
In-Reply-To: <alpine.BSF.2.00.1002080111310.16135@simone.lan>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] Spam button scenarios
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2010 14:30:41 -0000

On 08/Feb/10 07:28, John R. Levine wrote:
> Here's some scenarios in which I'm not sure what the best thing is to do.
>
> A) User has multiple incoming accounts, presses the spam button, and the
> outbound MSA doesn't match the incoming account. Hence the report goes
> via unrelated third parties that might snoop on it. Do we care? The user
> has said it's spam, after all.

We care that reports get lost. However, picking the wrong MSA should 
at most result in a suboptimal delivery path. Was the destination 
address correct?

> B) Assume a model in which the spam reporting address is determined per
> account, e.g., fetched from the POP or IMAP server via an extension. The
> user for whatever reason moves a message from account A into the IMAP
> mailbox for account B and then hits the spam button, which sends the
> report to B, even though the message was from A. Do we care? It's the
> user's fault, although I can think of some simple configurations that
> would cause that, e.g., MUA based spam filter that puts all the junk
> into the Junk folder on the first IMAP account.

Assume the MUA doesn't track moving the message. Using A-R fields, it 
would find the one from A, but since it is not trusted on B's mailbox 
the MUA shouldn't use it.

Alternatively, the MUA can determine the validity of the top A-D field 
when it downloads the message. That would be useful for displaying A-R 
icons in message listing panes. And, it would allow to report the 
message as spam --to the right server-- even after it has been moved 
to a different account.

> C) I have a Gmail account and a Yahoo account. The Gmail account is set
> up to fetch my Yahoo mail so I can see it all in one place. I use
> Gmail's IMAP server to read my mail. (I really do this, by the way.) I
> hit the spam button. Who should get the report?
>
> 1) Gmail since that's who I picked it up from
> 2) Yahoo since that's where the spam was sent
> 3) Gmail but they should also forward the report to Yahoo

By symmetry, #3. But what A-R fields do you get in messages 
transferred that way?

If I had

   Authentication-Results: mx.google.com; spf=pass (google.com: domain
    of vesely@tana.it designates 62.94.243.226 as permitted sender)
    smtp.mail=vesely@tana.it

then I would report to abuse@mx.google.com --I currently cannot, 
because there's no such domain.

Is there any report on current A-R usage?