IETF Logo Mail Archive

Re: [Asrg] Report-as-Spam header

Brendan Hide <brendan@swiftspirit.co.za> Mon, 11 June 2012 18:53 UTC

Return-Path: <brendan@swiftspirit.co.za>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEA7721F861B for <asrg@ietfa.amsl.com>; Mon, 11 Jun 2012 11:53:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.948
X-Spam-Level:
X-Spam-Status: No, score=-1.948 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599, HS_INDEX_PARAM=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TZNTKtY5Dk2l for <asrg@ietfa.amsl.com>; Mon, 11 Jun 2012 11:53:07 -0700 (PDT)
Received: from fw9a.glodns.net (fw9a.glodns.net [196.220.48.59]) by ietfa.amsl.com (Postfix) with ESMTP id D6DB321F8497 for <asrg@irtf.org>; Mon, 11 Jun 2012 11:53:07 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by fw9a.glodns.net (Postfix) with ESMTP id 433C526111 for <asrg@irtf.org>; Mon, 11 Jun 2012 18:53:07 +0000 (UTC)
X-Virus-Scanned: amavisd-new at fw9a.glodns.net
Received: from fw9a.glodns.net ([196.220.48.59]) by localhost (fw9a.glodns.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 03t1iyeKLOOC for <asrg@irtf.org>; Mon, 11 Jun 2012 20:53:01 +0200 (SAST)
Received: from control.glodns.net (smtp1w.glodns.net [75.126.138.3]) by fw9a.glodns.net (Postfix) with ESMTP id B13DD260DF for <asrg@irtf.org>; Mon, 11 Jun 2012 20:53:01 +0200 (SAST)
Received: (qmail 12986 invoked from network); 11 Jun 2012 20:53:01 +0200
Received: from blvd-cr1-nat1.wa.co.za (HELO watricky.invalid.co.za) (196.220.32.228) by smtp1b.plesk.glodns.net with SMTP; 11 Jun 2012 20:53:01 +0200
Message-ID: <4FD63E8A.3030904@swiftspirit.co.za>
Date: Mon, 11 Jun 2012 20:52:58 +0200
From: Brendan Hide <brendan@swiftspirit.co.za>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120605 Thunderbird/13.0
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <4FD4CAA4.5050006@swiftspirit.co.za> <6.2.5.6.2.20120610123350.0939fc28@resistor.net> <4FD567DB.2080407@swiftspirit.co.za> <4FD60054.9060706@tana.it>
In-Reply-To: <4FD60054.9060706@tana.it>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] Report-as-Spam header
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jun 2012 18:53:09 -0000

Hi Allesandro
On 06/11/12 16:27, Alessandro Vesely wrote:
> On Mon 11/Jun/2012 05:36:59 +0200 Brendan Hide wrote:
>> Legitimate bulk mail services are already successfully using simple
>> headers and unique IDs.
> Having such links is required by law in some countries.  However, some
> of them just don't work.  Some of them seem to work and tell
> recipients they're unsubscribed from stream "xyz", but then they get
> spam with /unsubscribe?id=xyzbis, /unsubscribe?id=xyzter, and so
> forth.
I hadn't thought about the links being required by law. Re the differing 
IDs, it *has to* be unique for every mail sent, not just per recipient. 
This aids in tracking down a specific offence.
>    In addition, spammers can add such kind of links pretending to
> be a reputable originator, in the same way that they fake "From:" and
> "Return-Path:" header fields.  Thus, getting at least a part of the
> header and body of reported messages would seem to be appropriate in
> order to reliably determine the originator's identity.
I don't see this part being an issue at all. If my report-handling 
server responds saying the report is invalid then the relaying IP 
address will very quickly find its way onto an RBL. On the other hand:
> A disadvantage of reporting spam directly, from final recipients to
> senders, is that each end user would have to keep track of the
> complaints she sent.  The reporting entity needs to assess the
> trustworthiness of each sender.
This IS a very good point (even if it is made indirectly). If reports 
are sent directly to the spammer, the spammer is not going to do 
anything about it while the end-recipient believes he has properly 
reported the issue. This would not be such an issue if the ISP is 
pro-active and aware of the Report-as-Spam header (the ISP might insert 
their own header above the spammer's). Additionally, if the spammer has 
a dedicated server (ie the ISP does not intercept/relay the mail 
directly) then, again, the ISP won't be able to insert its own header.

Ultimately, there's no way for the end-user to place any trust in the 
header's origin. DNS is probably the only saving grace but, regardless, 
its back to the drawing board.

Thank you, Allesandro. :)

-- 
__________
Brendan Hide
Web Africa - Internet Business Solutions
http://www.webafrica.co.za/?AFF1E97

v2.8.7 | Report a Bug | By Email