Re: [Asrg] Forwarding again, was Adding a spam button to MUAs

John Levine <johnl@taugh.com> Thu, 10 December 2009 06:21 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 144943A67CF for <asrg@core3.amsl.com>; Wed, 9 Dec 2009 22:21:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -18.989
X-Spam-Level:
X-Spam-Status: No, score=-18.989 tagged_above=-999 required=5 tests=[AWL=0.054, BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3, RCVD_IN_DNSWL_HI=-8, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6fR32RtdXrJh for <asrg@core3.amsl.com>; Wed, 9 Dec 2009 22:21:18 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by core3.amsl.com (Postfix) with ESMTP id 966C43A6967 for <asrg@irtf.org>; Wed, 9 Dec 2009 22:21:17 -0800 (PST)
Received: (qmail 54063 invoked from network); 10 Dec 2009 06:21:05 -0000
Received: from mail1.iecc.com (208.31.42.56) by mail1.iecc.com with QMQP; 10 Dec 2009 06:21:05 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k0912; olt=johnl@user.iecc.com; bh=HEra6Jnmvql41SoYRZEX/oc27lfzDpJvS9Y6gKedlaI=; b=dJRP6DMWVDRhcIC3XQBim7FFkUX7fbNp1hXggEOcP8W5EX9QrmqkYLp5+OnqugrRkfgE3MZ5KrIS5wVArSmei/SlCnsDrkQh8diBJeE37m1WDahfDlZwXom8vOxmAB1FjZ2aLNoDelrNW7CQx8fWt8481NWxbu+N2bATLgDKqOk=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k0912; bh=HEra6Jnmvql41SoYRZEX/oc27lfzDpJvS9Y6gKedlaI=; b=QBMs3FLjUXqjnsJXM+uFx8KDXUw0X3Qfozj9UedGr+3KER18tEwRjsGbKknR3c3Hb0966j4E9mYSm5zlULYKJQ02me8xPcXmDyHsi5ZKCiQh7jpBG0iY1ypRlruY+/MHow5pb58S2J+c1TxPdp8Uqb//0Pl6ZzhpBs7GQQkrRZo=
Date: Thu, 10 Dec 2009 06:21:04 -0000
Message-ID: <20091210062104.24857.qmail@simone.iecc.com>
From: John Levine <johnl@taugh.com>
To: asrg@irtf.org
In-Reply-To: <20091210053916.10F9124218@panix5.panix.com>
Organization:
Cc:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="iso-8859-1"
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] Forwarding again, was Adding a spam button to MUAs
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2009 06:21:20 -0000

>> I might have missed a suggestion to not send it to the ISP, only to
>> the apparent forwarder, when there was something that looked like a
>> forwarder - if so, don't do that. :)
>
>Not "looked like" but "was verified by the user, by the server sending
>a magic message to the user-supplied 'this is my other address' and
>seeing it come back from the forwarder".

This feels too abusable.  We know that spammers sign up for sham
accounts at freemail services and send themselves lots of spam to game
systems that use a complaint percentage.  They could easily set up a
lot of fake forwards, which feel like they'd be useful for some kind
of statistics gaming.

Also, in the real world, there are legitimate forwards to people who
have only the dimmest concept that mail is being forwarded to them.
For example, my church has a temporary Sunday school director with an
AOL account.  His email skills are rudimentary, so rather than trying
to set him up in the IMAP or web mail that everyone else uses, I
forwarded the director's role account, which is in a lot of address
books and mailing lists, to his AOL account.  Getting him to do a
magic message thing would be non-trivial.  I have several other people
in similar situations, role accounts forwarded to people without the
skills or interest to learn another mail system, so I don't think this
is an unrealistically exotic concern.

FBLs feeding back to forwarders are existing art.  They're not
fabulous, but they're adequate, and I'd really rather not get
sidetracked again by the forwarding issue.

R's,
John