Re: [Asrg] Where to send the ARF report, was Adding a spam button to MUAs

"BOBOTEK, ALEX (ATTCINW)" <AB3778@att.com> Sat, 06 February 2010 02:27 UTC

Return-Path: <AB3778@att.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4E6E73A6FEB for <asrg@core3.amsl.com>; Fri, 5 Feb 2010 18:27:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.843
X-Spam-Level:
X-Spam-Status: No, score=-105.843 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_63=0.6, RCVD_IN_DNSWL_MED=-4, SUBJECT_FUZZY_TION=0.156, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1UNMxZAhnx+e for <asrg@core3.amsl.com>; Fri, 5 Feb 2010 18:27:27 -0800 (PST)
Received: from mail121.messagelabs.com (mail121.messagelabs.com [216.82.242.3]) by core3.amsl.com (Postfix) with ESMTP id 28DEF3A6DCC for <asrg@irtf.org>; Fri, 5 Feb 2010 18:27:26 -0800 (PST)
X-VirusChecked: Checked
X-Env-Sender: AB3778@att.com
X-Msg-Ref: server-8.tower-121.messagelabs.com!1265423297!25342335!1
X-StarScan-Version: 6.2.4; banners=-,-,-
X-Originating-IP: [144.160.112.25]
Received: (qmail 24999 invoked from network); 6 Feb 2010 02:28:18 -0000
Received: from sbcsmtp3.sbc.com (HELO tlph064.enaf.dadc.sbc.com) (144.160.112.25) by server-8.tower-121.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 6 Feb 2010 02:28:18 -0000
Received: from enaf.dadc.sbc.com (localhost.localdomain [127.0.0.1]) by tlph064.enaf.dadc.sbc.com (8.14.3/8.14.3) with ESMTP id o162SH3C005139 for <asrg@irtf.org>; Fri, 5 Feb 2010 20:28:17 -0600
Received: from td03xsmtp008.US.Cingular.Net (intexchapp01.us.cingular.net [135.179.64.42] (may be forged)) by tlph064.enaf.dadc.sbc.com (8.14.3/8.14.3) with ESMTP id o162SD8x005113 for <asrg@irtf.org>; Fri, 5 Feb 2010 20:28:14 -0600
Received: from bd01xsmtp004.US.Cingular.Net ([135.163.18.45]) by td03xsmtp008.US.Cingular.Net with Microsoft SMTPSVC(6.0.3790.3959); Fri, 5 Feb 2010 20:28:13 -0600
Received: from BD01MSXMB015.US.Cingular.Net ([135.214.26.11]) by bd01xsmtp004.US.Cingular.Net with Microsoft SMTPSVC(6.0.3790.3959); Fri, 5 Feb 2010 18:28:13 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 5 Feb 2010 18:31:29 -0800
Message-ID: <BF533A28DBE487489EAB3411C5412CBE0FE16A1F@BD01MSXMB015.US.Cingular.Net>
In-Reply-To: <20100206004915.24791.qmail@simone.iecc.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Asrg] Where to send the ARF report, was Adding a spam button to MUAs
Thread-Index: Acqmxj3Np8p+TsIxQYuO9OmRwUDzYAAB8NRQ
References: <F20D7208-2839-4B53-ADC9-471D11880F70@blighty.com> <20100206004915.24791.qmail@simone.iecc.com>
From: "BOBOTEK, ALEX (ATTCINW)" <AB3778@att.com>
To: "Anti-Spam Research Group - IRTF" <asrg@irtf.org>
X-OriginalArrivalTime: 06 Feb 2010 02:28:13.0001 (UTC) FILETIME=[07F14390:01CAA6D4]
Subject: Re: [Asrg] Where to send the ARF report, was Adding a spam button to MUAs
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2010 02:27:28 -0000

I don't see how this inherently ties the ARF server and/or ARF delivery
protocol(s)
to the mail access protocol (e.g., IMAP, POP, ...).  

A flexible reporting flow could work more like this:

*  MUA/User receive spam
*  MUA/User decide Report Recipient(s) they wish to report spam to
{sending ESP/ISP, receiving domain ESP/ISP, 
   Spam filter provider, SpamCop, and/or ...}.  This may involve header
analysis, which should be supported by 
   including feedback solicitation headers in email.
	* Possibly as a discovery process to support this decision, MUA
may discover available 
        reporting services' protocols and addresses for each Report
Recipient, using DNS (SRV or TXT?) queries if needed
*  Reports are sent using an available ARF submission protocol.  

To whom to report abuse is a can of worms.  For a given message, there
will never be a universally accepted answer.  
I don't see how it's reasonable to do anything except try to support the
range of possibilities.  

BTW, I work mostly with multi-protocol messaging systems (SMTP, SMS,
SIP, IM, MMS, IMAP, POP, proprietary wireless 
protocols, ...), where the complexity is even higher due to multiple
message types in addition to 
multiple (even layer 5 and higher) transport and delivery protocols.  In
these cases it may be impractical or 
inadvisable to use the access protocol as the abuse-report submission
protocol.
Maybe the above is more general than needed for email today.  But this
problem will become more complex as gateways
(such as Blackberry's or CP/M's, ...) become increasingly used.  

Regards,


Alex

-----Original Message-----
From: asrg-bounces@irtf.org [mailto:asrg-bounces@irtf.org] On Behalf Of
John Levine
Sent: Friday, February 05, 2010 4:49 PM
To: asrg@irtf.org
Subject: Re: [Asrg] Where to send the ARF report,was Adding a spam
button to MUAs

>How does the MUA autodiscover "domain.com", though, so as to create
 "feedback@feedback.domain.com"?

>The only setting that the MUA is likely to have access to is the name
>of the IMAP or POP3 server. As IMAP and POP3 are not name-based, the
>entry there could easily be domain.com, mail.domain.com,
>imap.domain.com or pop.domain.com or smtp.domain.com or even
>www.domain.com.

You know, this is the sort of thing that SRV records were invented to
do.

If the name of the POP or IMAP server is www.domain.com, you do a SRV
lookup and find:

 _arf._tcp.www.domain.com SRV 0 0 25 collectreports.biz

So, using a fixed mailbox name, the address is
feedback@collectreports.biz.  If there's no SRV record, they aren't
prepared to accept reports.

I'm not thrilled about this, since this enshrines the false assumption
that the only ways to pick up mail are POP and IMAP, but at least it
doesn't break anything that works now.

The other reason I'm not thrilled about it is that it assumes that an
MUA remembers where it found each message.  It's not unusual for
people to have multiple POP accounts, and to dump everything into one
local inbox.  There's no need to remember the source of each message,
so I wouldn't want to assume the MUA does so.  That's why I still
prefer something like a note in the Auth-results: header to tell you
where to send the report.  Belt-and-suspenders types might want to add
a SRV lookup to that to deter random hostile misdirection.

R's,
John
_______________________________________________
Asrg mailing list
Asrg@irtf.org
http://www.irtf.org/mailman/listinfo/asrg