Re: [Asrg] Iteration #3.
Derek Diget <derek.diget+asrg@wmich.edu> Sun, 07 February 2010 02:15 UTC
Return-Path: <derek.diget+asrg@wmich.edu>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1FFE228C102 for <asrg@core3.amsl.com>; Sat, 6 Feb 2010 18:15:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.366
X-Spam-Level:
X-Spam-Status: No, score=-0.366 tagged_above=-999 required=5 tests=[AWL=-1.396, BAYES_00=-2.599, FB_INCREASE_VOL=3.629]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WSAwz0tdVg4y for <asrg@core3.amsl.com>; Sat, 6 Feb 2010 18:15:03 -0800 (PST)
Received: from mx-tmp.wmich.edu (mx-tmp.wmich.edu [141.218.1.43]) by core3.amsl.com (Postfix) with ESMTP id 939CD28C0F5 for <asrg@irtf.org>; Sat, 6 Feb 2010 18:14:59 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; charset="US-ASCII"
Received: from spaz.oit.wmich.edu (spaz.oit.wmich.edu [141.218.24.51]) by mta01.service.private (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 64bit)) with ESMTPSA id <0KXG004XG8Y9OIB0@mta01.service.private> for asrg@irtf.org; Sat, 06 Feb 2010 21:15:47 -0500 (EST)
X-WMU-Spam: Gauge=X, Probability=10% on Sat Feb 6 21:15:47 2010, Report=' WMU_MSA_SMTP+ 0, TO_IN_SUBJECT 0.5, BODY_SIZE_3000_3999 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, FROM_EDU_TLD 0, SPF_NEUTRAL 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CT 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __PHISH_SPEAR_STRUCTURE_1 0, __SANE_MSGID 0, __TO_MALFORMED_2 0, __URI_NS '
X-WMU-PMX-Version: 5.5.9.388399, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2010.2.7.20325 - Sat Feb 6 21:15:46 2010
Date: Sat, 06 Feb 2010 21:15:45 -0500
From: Derek Diget <derek.diget+asrg@wmich.edu>
X-X-Sender: diget@spaz.oit.wmich.edu
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-reply-to: <4B6DA82A.5080008@nortel.com>
Message-id: <Pine.GSO.4.62.1002062028030.11995@spaz.oit.wmich.edu>
References: <4B6C6D35.1050101@nortel.com> <Pine.GSO.4.62.1002060114540.11995@spaz.oit.wmich.edu> <4B6DA82A.5080008@nortel.com>
Subject: Re: [Asrg] Iteration #3.
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2010 02:15:04 -0000
On Feb 6, 2010 at 12:34 -0500, Chris Lewis wrote: =>Derek Diget wrote: => =>> =>This also allows <domain> to use DNS to map them to somewhere else =>> entirely. =>> =>> -1 for having a "standard" address. Let sites decided. Some might want =>> them to go to abuse@, spam@, devnull@, spam-training@anti-spam.vendor. => =>Defeats the purpose of self-configuration, UNLESS the mailstore provider can =>automatically provide it. See my posting under "We don't need no stinking..." =>for a method to do it with TXT records. One of the problems I have with publishing "private" (spammers and DNS walkers don't need to know this stuff) configuration information is that people that don't need to know it can get it. Using SRV records to auto-config MUA retrieval and MSA settings or XMPP clients are different in that knowing those settings can't be abused unless you have a valid authentication credential. Whereas, publishing an e-mail address is just asking for it to abused. (Heck, how many spammers are not smart enough to list wash abuse@, postmaster@ and the other role accounts from their lists. Do you think they won't start sending non-ARF messages (regular) spam to the TiS reporting address. (Yes, some would say that is good as it will just help block/filter them, but I am thinking more about the increase in volume to the TiS reporting address.) I am also thinking of spammers walking DNS and getting the reporting addresses and then sending ham to it to try to mess up the sites that might be automatically processing their TiS messages. If the reporting address is in a header then they (spammer) would have a harder time getting the address. (Yes, with all of the compromised PCs, free accounts, etc they can still probably get it anyways.) =>> I have deleted the message, but Thursday someone (you?) had a post with =>> regard to having the final MTA insert a header with the ARF reporting =>> address? I like that idea, but would replace MTA with MDA. An MTA never =>> really knows if it is the "last" MTA, where an MDA does. => =>We don't want to modify _anything_ in the mail stream if we can possibly avoid =>it. If we do, sites can't do this without infrastructure changes (which may =>never happen in some environments). Eg: if Microsoft elects not to follow =>this spec, we've just disenfranchised Exchange environments. I have not been involved in a MS Exchange environment, but 1) I think that it already have a TiS mechanism builtin and 2) it is a closed environment like Lotus Notes, and Novell Groupwise. Sites running those systems would be on their own. (Yes, they might support IMAP/POP, but is a third-party client "supported for use" by their IT departments?) -- *********************************************************************** Derek Diget Office of Information Technology Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/ ***********************************************************************
- [Asrg] Iteration #3. Chris Lewis
- Re: [Asrg] Iteration #3. Dave CROCKER
- Re: [Asrg] Iteration #3. Steve Atkins
- Re: [Asrg] Iteration #3. Chris Lewis
- Re: [Asrg] Iteration #3. Derek Diget
- Re: [Asrg] Iteration #3. Alessandro Vesely
- Re: [Asrg] Iteration #3. Chris Lewis
- Re: [Asrg] Iteration #3. Chris Lewis
- [Asrg] Consensus Call - submission via posting (w… Dave CROCKER
- Re: [Asrg] Consensus Call - submission via postin… Lyndon Nerenberg (VE6BBM/VE7TFX)
- Re: [Asrg] Consensus Call - submission via postin… Chris Lewis
- Re: [Asrg] Consensus Call - submission via postin… Steve Atkins
- Re: [Asrg] Consensus Call - submission via postin… Dave CROCKER
- Re: [Asrg] Consensus Call - submission via postin… Dotzero
- Re: [Asrg] Iteration #3. Derek Diget
- Re: [Asrg] Consensus Call - submission via postin… Derek Diget
- Re: [Asrg] Consensus Call - submission via postin… Bart Schaefer
- Re: [Asrg] Consensus Call - submission via postin… Alessandro Vesely
- Re: [Asrg] Iteration #3. Alessandro Vesely
- Re: [Asrg] Iteration #3. Daniel Feenberg
- Re: [Asrg] Iteration #3. John Levine
- Re: [Asrg] Iteration #3. Daniel Feenberg
- Re: [Asrg] Iteration #3. Dave CROCKER
- Re: [Asrg] Iteration #3. John Levine
- Re: [Asrg] Iteration #3. Dave CROCKER
- Re: [Asrg] Consensus Call - submission via postin… Ian Eiloart
- Re: [Asrg] Consensus Call - submission via postin… John Levine
- Re: [Asrg] Consensus Call - submission via postin… BOBOTEK, ALEX (ATTCINW)
- Re: [Asrg] Consensus Call - submission via postin… Andrew Richards
- [Asrg] who has the message (was Re: Consensus Cal… Dave CROCKER
- Re: [Asrg] Consensus Call - submission via postin… Chris Lewis
- Re: [Asrg] Consensus Call - submission via postin… Andrew Richards
- Re: [Asrg] who has the message (was Re: Consensus… Andrew Richards
- Re: [Asrg] who has the message (was Re: Consensus… Dave CROCKER
- Re: [Asrg] who has the message (was Re: Consensus… Chris Lewis
- Re: [Asrg] who has the message (was Re: Consensus… John Levine
- Re: [Asrg] who has the message (was Re: Consensus… Dave CROCKER
- Re: [Asrg] overloading server names doesn't work,… John R Levine
- Re: [Asrg] Consensus Call - submission via postin… Bill Cole
- Re: [Asrg] overloading server names doesn't work,… Daniel Feenberg
- Re: [Asrg] who has the message (was Re: Consensus… Ian Eiloart
- Re: [Asrg] Consensus Call - submission via postin… Ian Eiloart
- Re: [Asrg] who has the message (was Re: Consensus… Ian Eiloart
- Re: [Asrg] who has the message (was Re: Consensus… Andrew Richards
- Re: [Asrg] who has the message (was Re: Consensus… Andrew Richards
- Re: [Asrg] who has the message (was Re: Consensus… Ian Eiloart
- Re: [Asrg] who has the message (was Re: Consensus… Andrew Richards
- Re: [Asrg] who has the message (was Re: Consensus… Ian Eiloart
- Re: [Asrg] overloading server names doesn't work,… Dave CROCKER
- Re: [Asrg] who has the message (was Re: Consensus… Paul Russell
- Re: [Asrg] overloading server names doesn't work,… John R Levine
- Re: [Asrg] overloading server names doesn't work,… Dave CROCKER
- Re: [Asrg] DNS basics, was overloading server nam… John R Levine
- Re: [Asrg] Consensus Call - submission via postin… Andrew Richards
- Re: [Asrg] Consensus Call - submission via postin… Ian Eiloart
- Re: [Asrg] DNS basics, was overloading server nam… Dave CROCKER
- Re: [Asrg] DNS basics, was overloading server nam… John R Levine
- Re: [Asrg] Consensus Call - submission via postin… Jose-Marcio Martins da Cruz
- Re: [Asrg] DNS basics, was overloading server nam… Douglas Otis
- Re: [Asrg] Consensus Call - submission via postin… Ian Eiloart
- Re: [Asrg] Consensus Call - submission via postin… Jose-Marcio Martins da Cruz