IETF Logo Mail Archive

Re: [Asrg] Spam button scenarios

Derek Diget <derek.diget+asrg@wmich.edu> Mon, 08 February 2010 15:29 UTC

Return-Path: <derek.diget+asrg@wmich.edu>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B9D3F28C0FE for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 07:29:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[AWL=0.536, BAYES_00=-2.599, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ly9umJcjbInB for <asrg@core3.amsl.com>; Mon, 8 Feb 2010 07:29:56 -0800 (PST)
Received: from mx-tmp.wmich.edu (mx-tmp.wmich.edu [141.218.1.43]) by core3.amsl.com (Postfix) with ESMTP id AF0F23A7420 for <asrg@irtf.org>; Mon, 8 Feb 2010 07:29:56 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; charset="US-ASCII"
Received: from spaz.oit.wmich.edu (spaz.oit.wmich.edu [141.218.24.51]) by mta01.service.private (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 64bit)) with ESMTPSA id <0KXJ000AR4FEZN80@mta01.service.private> for asrg@irtf.org; Mon, 08 Feb 2010 10:30:54 -0500 (EST)
X-WMU-Spam: Gauge=X, Probability=10% on Mon Feb 8 10:30:54 2010, Report=' WMU_MSA_SMTP+ 0, TO_IN_SUBJECT 0.5, BODY_SIZE_1600_1699 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, FROM_EDU_TLD 0, SPF_NEUTRAL 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CT 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __PHISH_SPEAR_STRUCTURE_1 0, __SANE_MSGID 0, __TO_MALFORMED_2 0, __URI_NS '
X-WMU-PMX-Version: 5.5.9.388399, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2010.2.8.152121 - Mon Feb 8 10:30:53 2010
Date: Mon, 08 Feb 2010 10:30:50 -0500
From: Derek Diget <derek.diget+asrg@wmich.edu>
X-X-Sender: diget@spaz.oit.wmich.edu
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-reply-to: <4B70204C.10307@tana.it>
Message-id: <Pine.GSO.4.62.1002081012140.22269@spaz.oit.wmich.edu>
References: <alpine.BSF.2.00.1002080111310.16135@simone.lan> <4B70204C.10307@tana.it>
Subject: Re: [Asrg] Spam button scenarios
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2010 15:29:57 -0000

On Feb 8, 2010 at 15:31 +0100, Alessandro Vesely wrote:
=>On 08/Feb/10 07:28, John R. Levine wrote:
=>> Here's some scenarios in which I'm not sure what the best thing is to do.
=>> 
=>> A) User has multiple incoming accounts, presses the spam button, and the
=>> outbound MSA doesn't match the incoming account. Hence the report goes
=>> via unrelated third parties that might snoop on it. Do we care? The user
=>> has said it's spam, after all.
=>
=>We care that reports get lost. However, picking the wrong MSA should at most
=>result in a suboptimal delivery path. Was the destination address correct?

Picking the wrong MSA could also result in lost reports.  The "wrong" 
MSA might have different filters/rules running on it (not having the ARF 
reporting address white-listed/scan exception) which could cause the TiS 
message to get rejected/quarantined/redirected/dropped and thus not 
making it to the intended recipient (ARF reporting address).


Not really wanting to open another "deliverability" sub-thread or debate 
the merits of SPF/DKIM, but....  IMO as more sites start to move to a 
SPF -all, or sign their out-bound MSA messages with DKIM using the 
"correct" MSA becomes more and more of a requirement if the user 
(sender) wants their e-mail to get to the recipients.  Using the correct 
MSA is not just a TiS submitted via SUBMIT issue.



-- 
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************

v2.23.0 | Report a Bug | By Email