Re: [Asrg] Spam button scenarios

John Levine <> Mon, 08 February 2010 14:10 UTC

Hi.  Please say "POP" a hundred times before proceeding.

>> A) User has multiple incoming accounts, presses the spam button, and the
>> outbound MSA doesn't match the incoming account.  Hence the report goes
>> via unrelated third parties that might snoop on it.  Do we care?  The
>> user has said it's spam, after all.
>Snooping might well be an issue, for example, it might be a false positive 
>where the actual message contains confidential information. The reporter is 
>using a system that supposedly communicates with their service provider. 
>Reporting a message to the mailstore operator (who can already read it from 
>the mailstore)

Mailstore?  This is a POP account.

>> C) I have a Gmail account and a Yahoo account.  The Gmail account is set
>> up to fetch my Yahoo mail so I can see it all in one place.  I use
>> Gmail's IMAP server to read my mail.  (I really do this, by the way.)  I
>> hit the spam button.  Who should get the report?
>>   1) Gmail since that's who I picked it up from
>>   2) Yahoo since that's where the spam was sent
>>   3) Gmail but they should also forward the report to Yahoo
>This is already a problem with simple forwarding. I get ARF reports from 
>AOL for messages that originated elsewhere, but were forwarded by my SMTP 

Except that there's no forwarding here.  Gmail should know that it got
the message by POPing it from Yahoo.  I agree that pinning the blame for
spam sent through courtesy forwards is a black hole, and we're not going
to solve it here.