[marf] SPF's helo identity as a reporting target

Alessandro Vesely <vesely@tana.it> Tue, 08 May 2012 10:56 UTC

Return-Path: <vesely@tana.it>
X-Original-To: marf@ietfa.amsl.com
Delivered-To: marf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 170C421F857F for <marf@ietfa.amsl.com>; Tue, 8 May 2012 03:56:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.424
X-Spam-Level:
X-Spam-Status: No, score=-3.424 tagged_above=-999 required=5 tests=[AWL=-1.105, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, J_CHICKENPOX_41=0.6, J_CHICKENPOX_44=0.6, J_CHICKENPOX_48=0.6, J_CHICKENPOX_64=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WyMX4cNOfNgA for <marf@ietfa.amsl.com>; Tue, 8 May 2012 03:56:12 -0700 (PDT)
Received: from wmail.tana.it (mail.tana.it [62.94.243.226]) by ietfa.amsl.com (Postfix) with ESMTP id 11B1521F8573 for <marf@ietf.org>; Tue, 8 May 2012 03:56:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=test; t=1336474571; bh=XV2kSNWuHOG0b5kruOZogga6jxERa0ggytj2EOKc52c=; l=883; h=Message-ID:Date:From:MIME-Version:To:Content-Transfer-Encoding; b=YMJrBMC64IOF7tdn87MKgMDHCmW5eYfpr7pg2DpjF15a7l2NM4kQr7YtbEMMCFzTI H22I3GtTuputEM5Vgv+g31wKArbUK0hV0Z7EV00bOb+2fQ33NH4/QHLOK3A0GF1dGk yKaEf7pKKbaRNO8u5BxwCC6Kd5VoV1oTdn2S4Fss=
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Tue, 08 May 2012 12:56:11 +0200 id 00000000005DC039.000000004FA8FBCB.00000A01
Message-ID: <4FA8FBCA.3050904@tana.it>
Date: Tue, 08 May 2012 12:56:10 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Message Abuse Report Format working group <marf@ietf.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: [marf] SPF's helo identity as a reporting target
X-BeenThere: marf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Message Abuse Report Format working group discussion list <marf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/marf>, <mailto:marf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/marf>
List-Post: <mailto:marf@ietf.org>
List-Help: <mailto:marf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/marf>, <mailto:marf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 10:56:13 -0000

Hi all,

someone on the spf-discuss list noted that the smtp.helo is often of a
different type than the domains usually branded in smtp.mailfrom,
header.from, and dkim.d.  That's because it seems to be quite common
to outsource mail relaying as well as MX services.  This situation
characterizes relaying services as third parties that might manage
complaints and/or enforce policies, much like ESPs and ISPs.

MARF-AS generically allows any "domain that has been verified by the
[relevant] authentication mechanism", as well as "Abuse addresses in
WHOIS records of the IP address".

Would it be feasible to correlate auth methods' properties to roles,
in general?  For example, ESPs normally wouldn't outsource mail
relaying, since it's their core business.  Thus, sending a complaint
to abuse@_smtp.helo_ could be a way to target any involved ESP.

Just mumbling...