[domainrep] Review of: draft-ietf-repute-email-identifiers-06

Dave Crocker <dcrocker@gmail.com> Mon, 20 May 2013 03:11 UTC

Message-ID: <51999455.5060903@gmail.com>
Date: Sun, 19 May 2013 20:11:17 -0700
From: Dave Crocker <dcrocker@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: draft-ietf-repute-email-identifiers.all@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "domainrep@ietf.org" <domainrep@ietf.org>
Subject: [domainrep] Review of: draft-ietf-repute-email-identifiers-06
Precedence: list

{ This review of provided as part of document shepherding /d }


Review of:    A Reputation Response Set for Email Identifiers
ID:           draft-ietf-repute-email-identifiers-06
Reviewed by:  D. Crocker
Review Date:  19 May 2013



Summary:

This document is part of a series that define a query/response mechanism 
for reporting assessment (reputation) information about an object.  The 
current document builds upon the basic mechanism and tailors is for 
reporting reputation of email-related identifiers.


The document is usable in its current form.  Some very minor changes are 
suggested but not required.



Detailed Comments:


> 1.  Introduction
>
>    This document specifies a response set for describing reputation of
>    an email identifier.  A "response set" in this context is defined in
>    [I-D.REPUTE-MODEL] and is used to describe assertions a reputation
>    service provider can make about email identifiers as well as meta-
>    data that can be included in such a reply beyond the base set
>    specified there.

Should the query (http) and response (media-type) documents also be 
cited explicitly?




> 3.1.  Assertions
>
>    The "email-id" reputation application recognizes the following
>    assertions:
>
>
>
>
>
> Borenstein & Kucherawy    Expires May 23, 2013                  [Page 3]
> 
> Internet-Draft  Email Identifiers Reputation Response Set  November 2012
>
>
>    abusive:  The subject identifier is associated with sending or
>       handling > email of a personally abusive, threatening, or
>       otherwise harassing nature.
>
>    fraud:  The subject identifier is associated with sending or handling
>       of fraudulent email, such as "phishing" (some good discussion on
>       this topic can be found in [IODEF-PHISHING])
>
>    invalid-recipients:  The subject identifier is associated with
>       delivery attempts to nonexistent recipients
>
>    malware:  The subject identifier is associated with the sending or
>       handling of malware via email
>
>    spam:  The subject identifier is associated with sending or handling
>       of unwanted bulk email

This list seems to cover the common behaviors, but I'm wondering whether 
it's worth the email-id application -- and perhaps each application -- 
should have its own sub-registry.  It's likely that whatever list is 
defined for email, usage will identify additional labels.  One that 
comes to mind -- and it's only meant as an example -- is "marketing: The 
subject identifier engages in sending excessive marketing emails to its 
customers".  Formally, that's not spam, but it's irritating enough to 
plausibly warrant a reputation note.  I'm sure there are others.


>
>    For all assertions, the "rating" scale is linear: A value of 0.0
>    means there is no data to support the assertion, a value of 1.0 means
>    all accumulated data support the assertion, and the intervening
>    values have a linear relationship (i.e., a score of "x" is twice as
>    strong of an assertion as a value of "x/2").



-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

Re: [domainrep] Review of: draft-ietf-repute-emai… Murray S. Kucherawy
[domainrep] Review of: draft-ietf-repute-email-id… Dave Crocker
Re: [domainrep] Review of: draft-ietf-repute-emai… Dave Crocker