IETF Logo Mail Archive

Re: [marf] Misuse of ARF by spam-friendly ISPs

"Murray S. Kucherawy" <msk@cloudmark.com> Wed, 03 August 2011 13:33 UTC

Return-Path: <msk@cloudmark.com>
X-Original-To: marf@ietfa.amsl.com
Delivered-To: marf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E23FA21F8B2E for <marf@ietfa.amsl.com>; Wed, 3 Aug 2011 06:33:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.518
X-Spam-Level:
X-Spam-Status: No, score=-102.518 tagged_above=-999 required=5 tests=[AWL=-1.219, BAYES_00=-2.599, MANGLED_SPAM=2.3, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8y3ug-dO6Mb for <marf@ietfa.amsl.com>; Wed, 3 Aug 2011 06:33:18 -0700 (PDT)
Received: from ht1-outbound.cloudmark.com (ht1-outbound.cloudmark.com [72.5.239.35]) by ietfa.amsl.com (Postfix) with ESMTP id 3E1B021F8512 for <marf@ietf.org>; Wed, 3 Aug 2011 06:33:18 -0700 (PDT)
Received: from EXCH-C2.corp.cloudmark.com ([172.22.1.74]) by malice.corp.cloudmark.com ([172.22.10.71]) with mapi; Wed, 3 Aug 2011 06:33:30 -0700
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "marf@ietf.org" <marf@ietf.org>
Date: Wed, 03 Aug 2011 06:33:28 -0700
Thread-Topic: [marf] Misuse of ARF by spam-friendly ISPs
Thread-Index: AcxRxHBSTvlisT89Sh+sWOUDAnEoywAHEXAw
Message-ID: <F5833273385BB34F99288B3648C4F06F13512DF520@EXCH-C2.corp.cloudmark.com>
References: <35734E6B-4579-4EF4-A139-7BFB4FA4573F@wordtothewise.com> <E41787825008234A9B8BB93D603C8B0F1707F7@bobo1.bobotek.net> <953887BF-E8AB-4246-8075-7EB50A7BF916@wordtothewise.com> <F5833273385BB34F99288B3648C4F06F13512DF4CD@EXCH-C2.corp.cloudmark.com> <A6F08584-07DB-4000-B5EB-0AD02AFD44E2@cybernothing.org> <4E391CA5.6010803@tana.it>
In-Reply-To: <4E391CA5.6010803@tana.it>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [marf] Misuse of ARF by spam-friendly ISPs
X-BeenThere: marf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Message Abuse Report Format working group discussion list <marf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/marf>, <mailto:marf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/marf>
List-Post: <mailto:marf@ietf.org>
List-Help: <mailto:marf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/marf>, <mailto:marf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2011 13:33:19 -0000

> -----Original Message-----
> From: marf-bounces@ietf.org [mailto:marf-bounces@ietf.org] On Behalf Of Alessandro Vesely
> Sent: Wednesday, August 03, 2011 3:02 AM
> To: marf@ietf.org
> Subject: Re: [marf] Misuse of ARF by spam-friendly ISPs
> 
> On 03/Aug/11 02:42, J.D. Falk wrote:
> > On Jul 30, 2011, at 9:30 PM, Murray S. Kucherawy wrote:
> >
> >> I wonder if this could be mentioned in the BCP effort we're doing (JD?).
> >
> > I suppose it could be added to the growing list of use cases that
> > draft-jdfalk-marf-as specifically does not address, along with
> > individual user submissions, virus/malware reports, churning monkey
> > butter, et cetera.
> 
> What is the meaning of a list of non-addressed use cases?  Possibly
> suggest that they are not worth being addressed in general?

It's referring to a list of use cases that the ARF was not designed to handle.  There's no intent that I can see to state that those use cases aren't interesting to handle.

The issue is whether it's reasonable for an "abuse@" address to accept only reports that are ARFs.  I would suggest that such is a violation of RFC2142, but it doesn't explicitly state that all formats have to be accepted so I'd probably ultimately lose that argument.

> Hmm...
> that's quite strange, especially considering that everyone likes the
> monkey butter.

That's a new one on me.  What does it mean?

> > Sounds to me like what's actually needed is a BCP on accepting
> > abuse reports from the general public -- maybe a task for the
> > ASRG?
> 
> I agree such a BCP is needed, and I take this chance to propose it
> again.  The ASRG has already done research on this topic, and John
> summarized it in
> 
>   http://wiki.asrg.sp.am/wiki/Adding_a_junk_button_to_MUAs
> 
> That still looks current.  It allows MUAs to report in a variety of
> ways.  For SMTP, it is obviously better to wrap the offending mail in
> an ARF message, but not mandatory.

Just to be precise, I think JD is suggesting a BCP about how one handles received abuse reports, not how they are generated.  The point at issue is that one large service provider has decided only to accept abuse mail if it's an ARF; free-form complaints are no longer accepted.  It's caused quite a bit of trouble, not the least of which being the three co-authors of ARF getting a lot of "I hope you're happy" hate-mail.

> For homogeneity, I'd put this extra BCP in MARF rather than ASRG.
> There are related issues, like manual vs. auto submission, and privacy
> considerations.

I'd be fine with that, but I'd invite the ASRG to comment.

-MSK (as participant)

v2.23.0 | Report a Bug | By Email