Re: [Asrg] ARF traffic, was Spam button scenarios

Ian Eiloart <> Wed, 10 February 2010 12:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B421A3A7375 for <>; Wed, 10 Feb 2010 04:45:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.515
X-Spam-Status: No, score=-2.515 tagged_above=-999 required=5 tests=[AWL=-0.072, BAYES_00=-2.599, SUBJECT_FUZZY_TION=0.156]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sU4eaJlJFWjk for <>; Wed, 10 Feb 2010 04:45:07 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 7DA443A754C for <>; Wed, 10 Feb 2010 04:45:07 -0800 (PST)
Received: from ([]:55581) by with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <>) id KXMM6A-000G67-6G for; Wed, 10 Feb 2010 12:46:58 +0000
Date: Wed, 10 Feb 2010 12:46:17 +0000
From: Ian Eiloart <>
To: Anti-Spam Research Group - IRTF <>
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <> <>
Originator-Info: login-token=Mulberry:01PU70uaavYh5+u0gbqXSww2cso8YVE6B0srk=;
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Subject: Re: [Asrg] ARF traffic, was Spam button scenarios
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 10 Feb 2010 12:45:08 -0000

--On 9 February 2010 19:38:08 +0100 Alessandro Vesely <> 

> On 09/Feb/10 18:38, Ian Eiloart wrote:
>> Actually, I think I said we won't look at the message, but that's not
>> right. We check the message headers to identify messages that were
>> originally routed through the MSA. For abuse reports from our domain,
>> though, they're not going to go out of our system and back again.
> What about forwarding? Many sites have come to some sort of agreement
> with forwarders, e.g. in order to whitelist them from SPF checks. So if
> your user reports a forwarded message as spam, you may want to re-send
> the complaint to the forwarder, just like the Yahoo->Gmail case that has
> been exemplified earlier.
> Now, suppose the report eventually reaches the original author. She may
> be the first human actually reading it, and realizes that the recipient
> hit TiS by mistake. Won't she protest? Eventually, the forwarder may send
> you back the ARF claiming that it has been your user's error and to
> please readjust their reputation.

> What are the addresses involved?

It's like this: if you want to send mail to my system with a sender domain 
that I own, then you have to authenticate to our servers (unless you're 
forwarding an email that was originally submitted to our servers over 
authenticated SMTP).

We don't permit spoofed email from our domains. It works very nicely, and 
keeps our "internal" email pretty much spam free.

Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see