Re: [Asrg] Spam button scenarios

John Levine <> Mon, 08 February 2010 15:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BE11F3A73EE for <>; Mon, 8 Feb 2010 07:04:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -13.395
X-Spam-Status: No, score=-13.395 tagged_above=-999 required=5 tests=[AWL=-4.105, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3, RDNS_DYNAMIC=0.1, SUBJECT_FUZZY_TION=0.156]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DY1TVPj-cT36 for <>; Mon, 8 Feb 2010 07:04:12 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 7E0A83A7204 for <>; Mon, 8 Feb 2010 07:04:12 -0800 (PST)
Received: (qmail 82134 invoked from network); 8 Feb 2010 15:05:14 -0000
Received: from ( by with QMQP; 8 Feb 2010 15:05:14 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k1002;; bh=SuOWH6HuC4zjUYkJIKSWqKI+3/uxHPQQsztYjPMzU/E=; b=QE8BkHcJJ2J6jNbHr9PKVXq1/NqoN0UT4SpbAse3rOCzNKaPqQ3iRIsSHB71vjU3164I3f1rpqh2t0gy0lGg+cmwo2kPrsbIIpAHaTblcGESOlFR+VZrASinWK2BtXPMvK79oEpxzBs99JGSjByTnE+lwfIPc75xqxa9D/mfuVI=
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k1002; bh=SuOWH6HuC4zjUYkJIKSWqKI+3/uxHPQQsztYjPMzU/E=; b=hsPhmRXwgtvJ7BtvfZRcHL4Jid784LfO7TaVBnJpokIGF4cO98C/WmWzeYI3ZYbfOabfv78FKE0pfgytyQy+45/pLks5ihbkxDAx9Uj34fGJE9K0TxdhXYEd7TwbUIhIcJ5Y98eSss3zDyAI9KbepVzF5CGMAloOszl0vkq5MDE=
Date: 8 Feb 2010 15:05:13 -0000
Message-ID: <>
From: John Levine <>
In-Reply-To: <>
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] Spam button scenarios
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Feb 2010 15:04:13 -0000

>>> A) User has multiple incoming accounts, presses the spam button, and the
>>> outbound MSA doesn't match the incoming account.  Hence the report goes
>>> via  unrelated third parties that might snoop on it.  Do we care?  The
>>> user has  said it's spam, after all.
>> The user trusts his good outgoing mail to that MTA - why should she not
>> trust her spam to the same MTA?
>It's a different case. We're sending email to an address at that MTA, and 
>drawing attention to it.
>The main problem here, though, is that the user thinks they're reporting 
>spam, but in fact they're generating it.

No, no.  I was assuming that the user was sending reports to a reasonable
address, not one made up from the name it uses to find its POP or IMAP
server.  (See other threads for why that's hopeless.)  The question is
whether it's a problem that the spam report takes a detour through someone
else's mail system on its way.