Re: [Asrg] Adding a spam button to MUAs

Steve Atkins <steve@blighty.com> Fri, 05 February 2010 00:17 UTC

Return-Path: <steve@blighty.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1DF4C28C1F2 for <asrg@core3.amsl.com>; Thu, 4 Feb 2010 16:17:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.443
X-Spam-Level:
X-Spam-Status: No, score=-6.443 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MVA1EWKFWsYX for <asrg@core3.amsl.com>; Thu, 4 Feb 2010 16:17:40 -0800 (PST)
Received: from m.wordtothewise.com (fruitbat.wordtothewise.com [208.187.80.135]) by core3.amsl.com (Postfix) with ESMTP id 4B36628C1B5 for <asrg@irtf.org>; Thu, 4 Feb 2010 16:17:40 -0800 (PST)
Received: from platterhard.wordtothewise.com (184.wordtothewise.com [208.187.80.184]) by m.wordtothewise.com (Postfix) with ESMTP id 4323980604 for <asrg@irtf.org>; Thu, 4 Feb 2010 16:18:28 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Apple Message framework v1077)
From: Steve Atkins <steve@blighty.com>
In-Reply-To: <4B6B5F78.3070607@nortel.com>
Date: Thu, 04 Feb 2010 16:18:27 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <7AC9CB85-1F82-4FD8-8411-F45E74EE6A59@blighty.com>
References: <20100204232046.53178.qmail@simone.iecc.com> <4B6B5F78.3070607@nortel.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
X-Mailer: Apple Mail (2.1077)
Subject: Re: [Asrg] Adding a spam button to MUAs
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2010 00:17:41 -0000

On Feb 4, 2010, at 3:59 PM, Chris Lewis wrote:

> John Levine wrote:
>>> In any case it hardly matters because POP3 and IMAP are completely different
>>> protocols with different constituencies. You'd never have a standards effort
>>> that lumps them together in a million years, and even if you did you'd do
>>> nothing more than needlessly confuse the programmers of their respective
>>> code bases.
>> Actually, we've seen a reasonable suggestion a few messages back that
>> would work equally well with POP and IMAP: extract a reporting address
>> from the message and send it an ARF report.  It has the admirable
>> characteristic of being completely agnostic about how the mail is
>> delivered, since there are plenty of delivery techniques other than
>> POP and IMAP, such as WebDAV, uucp (still handy for intermittent
>> connections), fetchmail, and just reading the local mailstore.
> 
> If we want to sidestep the issue of how to deal with senders wanting their FBLs, the very simplest method of all is to have the TiS button send an ARF to a specific address, and let that address figure out everything else.
> 
> I could live with that even in my odd-ball architecture (which probably resembles other very large infrastructures).  I already do that (without the ARF format), and the recipient address has to be manually configured in the MUA.
> 
> I'd only add that I'd prefer _not_ to have to have the user configure the MUA where to send the ARFs to.  The receiving mail server inserts it.  Meaning that the MUA has to be able to determine it's valid.
> 
> I think this is important because many MUAs receive email from multiple infrastructures, each potentially with their own policies.
> 
> If we only support emailed ARFs, the only parameter you need is the address.
> 
> This has the advantage of being able to work correctly if the MUA receives email from several different infrastructures, even if some don't support reporting.
> 
> Even has the ability to work if the receiving mail system can't handle the ARFs at all, just forward em off to a trusted 3rd party.

+1. This is exactly what I suggested way, way upthread.

All you need to be able to do at the MX level is add a (possibly constant) header to each inbound email.

There's a subtle implication, which is that if you're stashing the ARF consumer address in a header, and your MX isn't overwriting (or stripping) that header, then it's possible that spam reports could be sent to the preferred reporting address of someone further up the delivery chain. I see this as an advantage, but it needs to be mentioned.

Cheers,
  Steve