Re: [Asrg] Iteration #3.

Derek Diget <derek.diget+asrg@wmich.edu> Sun, 07 February 2010 02:15 UTC

Return-Path: <derek.diget+asrg@wmich.edu>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1FFE228C102 for <asrg@core3.amsl.com>; Sat, 6 Feb 2010 18:15:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.366
X-Spam-Level:
X-Spam-Status: No, score=-0.366 tagged_above=-999 required=5 tests=[AWL=-1.396, BAYES_00=-2.599, FB_INCREASE_VOL=3.629]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WSAwz0tdVg4y for <asrg@core3.amsl.com>; Sat, 6 Feb 2010 18:15:03 -0800 (PST)
Received: from mx-tmp.wmich.edu (mx-tmp.wmich.edu [141.218.1.43]) by core3.amsl.com (Postfix) with ESMTP id 939CD28C0F5 for <asrg@irtf.org>; Sat, 6 Feb 2010 18:14:59 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; charset="US-ASCII"
Received: from spaz.oit.wmich.edu (spaz.oit.wmich.edu [141.218.24.51]) by mta01.service.private (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 64bit)) with ESMTPSA id <0KXG004XG8Y9OIB0@mta01.service.private> for asrg@irtf.org; Sat, 06 Feb 2010 21:15:47 -0500 (EST)
X-WMU-Spam: Gauge=X, Probability=10% on Sat Feb 6 21:15:47 2010, Report=' WMU_MSA_SMTP+ 0, TO_IN_SUBJECT 0.5, BODY_SIZE_3000_3999 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, FROM_EDU_TLD 0, SPF_NEUTRAL 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CT 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __PHISH_SPEAR_STRUCTURE_1 0, __SANE_MSGID 0, __TO_MALFORMED_2 0, __URI_NS '
X-WMU-PMX-Version: 5.5.9.388399, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2010.2.7.20325 - Sat Feb 6 21:15:46 2010
Date: Sat, 06 Feb 2010 21:15:45 -0500
From: Derek Diget <derek.diget+asrg@wmich.edu>
X-X-Sender: diget@spaz.oit.wmich.edu
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-reply-to: <4B6DA82A.5080008@nortel.com>
Message-id: <Pine.GSO.4.62.1002062028030.11995@spaz.oit.wmich.edu>
References: <4B6C6D35.1050101@nortel.com> <Pine.GSO.4.62.1002060114540.11995@spaz.oit.wmich.edu> <4B6DA82A.5080008@nortel.com>
Subject: Re: [Asrg] Iteration #3.
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2010 02:15:04 -0000

On Feb 6, 2010 at 12:34 -0500, Chris Lewis wrote:
=>Derek Diget wrote:
=>
=>> =>This also allows <domain> to use DNS to map them to somewhere else
=>> entirely.
=>> 
=>> -1 for having a "standard" address.  Let sites decided.  Some might want
=>> them to go to abuse@, spam@, devnull@, spam-training@anti-spam.vendor.  
=>
=>Defeats the purpose of self-configuration, UNLESS the mailstore provider can
=>automatically provide it.  See my posting under "We don't need no stinking..."
=>for a method to do it with TXT records.

One of the problems I have with publishing "private" (spammers and DNS 
walkers don't need to know this stuff) configuration information is that 
people that don't need to know it can get it.  Using SRV records to 
auto-config MUA retrieval and MSA settings or XMPP clients are different 
in that knowing those settings can't be abused unless you have a valid 
authentication credential.  Whereas, publishing an e-mail address is 
just asking for it to abused.  (Heck, how many spammers are not smart 
enough to list wash abuse@, postmaster@ and the other role accounts 
from their lists.  Do you think they won't start sending non-ARF 
messages (regular) spam to the TiS reporting address.  (Yes, some would 
say that is good as it will just help block/filter them, but I am  
thinking more about the increase in volume to the TiS reporting 
address.)

I am also thinking of spammers walking DNS and getting the reporting 
addresses and then sending ham to it to try to mess up the sites that 
might be automatically processing their TiS messages.  If the reporting 
address is in a header then they (spammer) would have a harder time 
getting the address.  (Yes, with all of the compromised PCs, free 
accounts, etc they can still probably get it anyways.)


=>> I have deleted the message, but Thursday someone (you?) had a post with
=>> regard to having the final MTA insert a header with the ARF reporting
=>> address?  I like that idea, but would replace MTA with MDA.  An MTA never
=>> really knows if it is the "last" MTA, where an MDA does.
=>
=>We don't want to modify _anything_ in the mail stream if we can possibly avoid
=>it.  If we do, sites can't do this without infrastructure changes (which may
=>never happen in some environments).  Eg: if Microsoft elects not to follow
=>this spec, we've just disenfranchised Exchange environments.

I have not been involved in a MS Exchange environment, but 1) I think 
that it already have a TiS mechanism builtin and 2) it is a closed 
environment like Lotus Notes, and Novell Groupwise.  Sites running those 
systems would be on their own.  (Yes, they might support IMAP/POP, but 
is a third-party client "supported for use" by their IT departments?)


-- 
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************