Re: [Asrg] Adding a spam button to MUAs

[ram <ram@netcore.co.in>]

On Mon, 2010-02-01 at 23:44 -0500, Chris Lewis wrote:

> Bart Schaefer wrote:
> > On Feb 1,  9:11am, Steve Atkins wrote:
> > }
> > } On Feb 1, 2010, at 8:57 AM, Ian Eiloart wrote:
> > } 
> > } > Does ARF allow richer expression than ANNOTATE?
> > } 
> > } Probably - it's basically a container format.
> > } 
> > } More importantly, perhaps, it would be easy to roll out on existing
> > } installations with a trivial configuration change, rather than
> > } requiring functionality in the mailstore that may not be there.
> 
> > Anything that's going to be added as metadata to the message header
> > needs to be carefully specified so that a client that understands the
> > format can reside behind a server that does not.  E.g., depending on
> > where this metadata is added, one option might be to require a DKIM
> > signature to cover it.
> 
> Consider the following off-the-cuff implementation possibility:
> 
> A header that has:
> 
> Name of server (or administrative unit (domain)) inserting the header.
> What to send in report:
> 	ARF copy, or forward or selected header[s] or?
> How to send report:
>          email (including address), or some other protocol and
>          destination.
> 


I think thinking of a non-mail protocol to send abuse reports is an
excellent idea. 
Sending ARF's via email need not be the only option.  Why not use the
header 

eg X-Abuse-to: <http://mailserver.isp.com/cgi-bin/fbl>
<mailto:feedbackloop@isp.com>
Obvioulsy the MUA must verify if the mail is authenticated , DKIM seems
a good way to do this. 

Sending abuse reports via http (POST?) should be standardized. 
If http is not available ( possibly some corporates block http access )
then you can fallback to email. 
The MUA must also have proper time outs so as to cut-off malicious fbl
urls