Re: [Asrg] ARF traffic, was Spam button scenarios

Alessandro Vesely <vesely@tana.it> Tue, 09 February 2010 19:07 UTC

Return-Path: <vesely@tana.it>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2B32828C10D for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 11:07:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.604
X-Spam-Level:
X-Spam-Status: No, score=-4.604 tagged_above=-999 required=5 tests=[AWL=-0.041, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vslUBLsBhf1A for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 11:07:15 -0800 (PST)
Received: from wmail.tana.it (mail.tana.it [62.94.243.226]) by core3.amsl.com (Postfix) with ESMTP id 159F328C0F6 for <asrg@irtf.org>; Tue, 9 Feb 2010 11:07:14 -0800 (PST)
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Tue, 09 Feb 2010 20:08:21 +0100 id 00000000005DC031.000000004B71B2A5.0000602E
Message-ID: <4B71B2A5.6000900@tana.it>
Date: Tue, 09 Feb 2010 20:08:21 +0100
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: asrg@irtf.org
References: <20100208150513.49394.qmail@simone.iecc.com> <0BF553ABE600903AE55F0E89@lewes.staff.uscs.susx.ac.uk> <4B718E2A.5070304@tana.it> <D0AC3DDE-3995-4EE9-9914-30E2831BAE22@blighty.com> <4B71A3D8.40401@tana.it> <5560296B-0CCB-4C6A-A1A7-4AC004BCEBD3@blighty.com>
In-Reply-To: <5560296B-0CCB-4C6A-A1A7-4AC004BCEBD3@blighty.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] ARF traffic, was Spam button scenarios
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2010 19:07:16 -0000

On 09/Feb/10 19:15, Steve Atkins wrote:
> On Feb 9, 2010, at 10:05 AM, Alessandro Vesely wrote:
>>  The abuse-mailbox is an attribute in some whois db (e.g. RIPE). The form abuse@domain is standardized by rfc 2142. Some people (e.g. Abusix) may plan to send machine generated complaints at such addresses.
>
> None of that has anything to do with TiS buttons, though, which this thread is about. (Nor is it anything to do with feedback loops, which this thread is tangentially about).

Correct. They are just worth being considered when one thinks about 
where on an MTA should the ARF parsing software be installed.

>>  Besides that, I don't feel my model is much different than yours.
>
> It is quite different (and I think wrong :)) which is why I'm stressing it.
>
> We're not talking about abuse complaints in this thread, nor anything that would be sent to an existing role account.

We are: an ARF report is an automated form of an abuse complaint.

> That doesn't mean that a particular user might decide that sending either TiS notifications or FBL reports to a role address like sales@, postmaster@ or abuse@ is a good idea, but it's certainly not a requirement or even an expected behaviour[1].

I agree that specific agreements or standardization may let an ARF 
consumer specify a different address. Using role addresses is not 
eccentric, though.

>>  Again, splitting the traffic may be convenient for heavy loads. However, I just whitelisted my abuse@ address from spam filtering. The moment I'll get a lot of ARF reports, it will be easy to add a recipient-filter that processes incoming messages only if they are in ARF format and leaves them in the current folder otherwise.
>
> Yup, and that all works mostly OK (though you'll find some problems if you go the recipient-filter route). It's not the way I'd advise anyone to set things up as it won't scale well, but is quite workable for a small domain.

Hm... scaling can be achieved by splitting traffic. One may give 
different TiS addresses to different users, but using several or 
multihomed MXes may make for similar results.

> [1] Sending FBL reports to sales@ does have a certain charm, though.

:-)