Re: [Asrg] Spam button scenarios

John Levine <johnl@taugh.com> Mon, 08 February 2010 14:10 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE61F3A73B7 for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 06:10:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -13.832
X-Spam-Level:
X-Spam-Status: No, score=-13.832 tagged_above=-999 required=5 tests=[AWL=-4.542, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3, RDNS_DYNAMIC=0.1, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WTOUjIvBGQnN for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 06:10:44 -0800 (PST)
Received: from gal.iecc.com (64.57.183.53.lightlink.com [64.57.183.53]) by core3.amsl.com (Postfix) with ESMTP id F39B33A73D3 for <asrg@irtf.org>; Mon, 8 Feb 2010 06:10:40 -0800 (PST)
Received: (qmail 52605 invoked from network); 8 Feb 2010 14:11:42 -0000
Received: from mail1.iecc.com (208.31.42.56) by mail1.iecc.com with QMQP; 8 Feb 2010 14:11:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k1002; olt=johnl@user.iecc.com; bh=hA80GoaoPCNeF92IbDD2Lk0KwiQktl4mLVZBs5j0hxY=; b=JQbFMGM3uqr8vl69eduvUABHZYyXTIx2v5vao0K5WMUi3Qx+EQOdV2RS+ss0otHNHcXKOewT5OsymtnSvSK6/mPhig5s6iP5ya4SX1URa4YE3Q8slwbov326hEsxkmSI+CLtOL3XFGXx+NABGVWRcuuKFWNfD+Um7YbksL0YIo4=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k1002; bh=hA80GoaoPCNeF92IbDD2Lk0KwiQktl4mLVZBs5j0hxY=; b=X93q8SDOBM0VU9Wc09dbcaH16FLsKOnQrHQtrGeblpapO2p83LXKVITnKwe3SeYhJpAcfTe0nXoWOqVh+w/VdXMcWbwNTy1ra0aOpeDOi6rG5c+02sy+dJ424LbgQW5xx40uJtCkCB3xIrsLB0E9Q9AjpUB0KnkOXM6aAR6wydA=
Date: Mon, 08 Feb 2010 14:11:40 -0000
Message-ID: <20100208141140.36361.qmail@simone.iecc.com>
From: John Levine <johnl@taugh.com>
To: asrg@irtf.org
In-Reply-To: <79638E972E7DBE2B89A2883A@lewes.staff.uscs.susx.ac.uk>
Organization:
Cc:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="iso-8859-1"
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] Spam button scenarios
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2010 14:10:46 -0000

Hi.  Please say "POP" a hundred times before proceeding.

>> A) User has multiple incoming accounts, presses the spam button, and the
>> outbound MSA doesn't match the incoming account.  Hence the report goes
>> via unrelated third parties that might snoop on it.  Do we care?  The
>> user has said it's spam, after all.
>
>Snooping might well be an issue, for example, it might be a false positive 
>where the actual message contains confidential information. The reporter is 
>using a system that supposedly communicates with their service provider. 
>Reporting a message to the mailstore operator (who can already read it from 
>the mailstore)

Mailstore?  This is a POP account.

>> C) I have a Gmail account and a Yahoo account.  The Gmail account is set
>> up to fetch my Yahoo mail so I can see it all in one place.  I use
>> Gmail's IMAP server to read my mail.  (I really do this, by the way.)  I
>> hit the spam button.  Who should get the report?
>>
>>   1) Gmail since that's who I picked it up from
>>   2) Yahoo since that's where the spam was sent
>>   3) Gmail but they should also forward the report to Yahoo
>
>This is already a problem with simple forwarding. I get ARF reports from 
>AOL for messages that originated elsewhere, but were forwarded by my SMTP 
>servers.

Except that there's no forwarding here.  Gmail should know that it got
the message by POPing it from Yahoo.  I agree that pinning the blame for
spam sent through courtesy forwards is a black hole, and we're not going
to solve it here.

R's,
John