Re: [marf] draft-jdfalk-marf-as
Alessandro Vesely <vesely@tana.it> Tue, 21 June 2011 12:09 UTC
Return-Path: <vesely@tana.it>
X-Original-To: marf@ietfa.amsl.com
Delivered-To: marf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15D5821F84E2 for <marf@ietfa.amsl.com>; Tue, 21 Jun 2011 05:09:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.346
X-Spam-Level:
X-Spam-Status: No, score=-5.346 tagged_above=-999 required=5 tests=[AWL=-0.627, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O3pK0bOAHzKv for <marf@ietfa.amsl.com>; Tue, 21 Jun 2011 05:09:29 -0700 (PDT)
Received: from wmail.tana.it (www.tana.it [62.94.243.226]) by ietfa.amsl.com (Postfix) with ESMTP id 193A521F84E1 for <marf@ietf.org>; Tue, 21 Jun 2011 05:09:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=test; t=1308658167; bh=AbT+r5oAZGSWLXaNWS6wVdXR4V4TOh+rkrGyBw51Zs8=; l=2325; h=Message-ID:Date:From:MIME-Version:To:References:In-Reply-To: Content-Transfer-Encoding; b=VgbWtbFt5WpHc8skD/LcCJTiv4J01LwY+DzlqkYtcJbVURIWLIYMaC/kqP5UolWTt yhaOzb2bD+21fPEJEhAZO83AUF3vMmBpveJSxVMzVZ669lJk364cU+i4myTf7urmfw 8MPVacGwHy9DOhHIm3W/6sgZ2fDmovsBGvbitc1o=
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Tue, 21 Jun 2011 14:09:27 +0200 id 00000000005DC033.000000004E0089F7.000023A1
Message-ID: <4E0089F2.20708@tana.it>
Date: Tue, 21 Jun 2011 14:09:22 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: marf@ietf.org
References: <1C806C86-8D87-4FC9-9A36-58BB22076AB7@cybernothing.org>
In-Reply-To: <1C806C86-8D87-4FC9-9A36-58BB22076AB7@cybernothing.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: [marf] draft-jdfalk-marf-as
X-BeenThere: marf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Message Abuse Report Format working group discussion list <marf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/marf>, <mailto:marf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/marf>
List-Post: <mailto:marf@ietf.org>
List-Help: <mailto:marf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/marf>, <mailto:marf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jun 2011 12:09:30 -0000
On 15/May/11 18:27, J.D. Falk wrote: > http://datatracker.ietf.org/doc/draft-jdfalk-marf-as/ > > I've already noticed a couple of minor things I need to correct, > but I'll wait until there've been more comments before uploading > another version. > > What do y'all thank? Would it be possible to expand treatment of non-FBL data? I heard rumors about FBL being considered illegal in Europe. I'd bet it's not, although EU law requires users' consent. At any rate, for clarity, I'd avoid calling "FBL" the unsolicited feedback generated without prior agreement. Appendix C in the CFBL BCP has some preliminary work on non-FBL. A topic that I think should be worked out a little bit more is the choice between mailbox and access providers. In section 2 of ARF-AS I would say that a report can alternatively be sent to one of a) a sender authenticated with DKIM or SPF, b) the abuse-mailbox found in the RIR WHOIS database for the IP address of the boundary relay, or c) a network provider higher in such allocation hierarchy. In section 3, I'd complement bullet (c) above with the suggestion that a network provider who receives a report relative to an IP that they gave to a mailbox provider, may forward that report to that provider's abuse-mailbox, besides possibly doing their own trending. Bullet (a) should also be cross-checked with WHOIS data, according to the last paragraph of section C1 of CFBL BCP. I'm not sure how. Should abuse-mailbox's parent entries have a (repeatable) "domain" attribute? Domain WHOIS apparently don't have abuse-mailboxes. The CFBL BCP says to ignore abuse-reports sent by mistake. Perhaps, this is where the non-spam ARF type has to be used, sending back the message to the author's mailbox provider so that they can undo any learning they had imparted to their spam filtering systems. Of course, the non-spam report needs to be acknowledged by the user who originally reported the message as spam. In case the user and the remote provider don't agree, either one or both of them deserve being categorized as bogus abuse-report sources. (As silly as this may seem, it may turn out to be a good way to categorize gullible spammers and unreliable users.) For a minor point, the possibility to redact reported messages is not mentioned.
- [marf] draft-jdfalk-marf-as J.D. Falk
- Re: [marf] draft-jdfalk-marf-as Alessandro Vesely
- Re: [marf] draft-jdfalk-marf-as J.D. Falk
- Re: [marf] draft-jdfalk-marf-as John Levine
- Re: [marf] draft-jdfalk-marf-as J.D. Falk
- Re: [marf] draft-jdfalk-marf-as John Levine
- Re: [marf] draft-jdfalk-marf-as Barry Leiba
- [marf] Abuse reporting, was draft-jdfalk-marf-as Alessandro Vesely
- Re: [marf] Abuse reporting, was draft-jdfalk-marf… Murray S. Kucherawy
- Re: [marf] Abuse reporting, was draft-jdfalk-marf… Alessandro Vesely
- Re: [marf] Abuse reporting, was draft-jdfalk-marf… J.D. Falk