[MORG] New IMAP keyword registration proposal: $Phishing
Robert Mueller <robm@fastmail.fm> Sun, 26 March 2017 10:45 UTC
Return-Path: <robm@fastmail.fm>
X-Original-To: morg@ietfa.amsl.com
Delivered-To: morg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12F4612952D for <morg@ietfa.amsl.com>; Sun, 26 Mar 2017 03:45:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=XoEZSQ1d; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=SNkorFJg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lQPWCaMazUJm for <morg@ietfa.amsl.com>; Sun, 26 Mar 2017 03:45:10 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4752B12422F for <morg@ietf.org>; Sun, 26 Mar 2017 03:45:10 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 8A86920AF8; Sun, 26 Mar 2017 06:45:09 -0400 (EDT)
Received: from web3 ([10.202.2.213]) by compute7.internal (MEProxy); Sun, 26 Mar 2017 06:45:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= cc:content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=TT4eDP+R0RxhwYkr+Lkid2XC6brW08FnqJ+SCk2BCLI=; b=XoEZSQ1d OHC25x57FXJaGDPmAwIhvL25rte0AlUnGQkV3XXS3oH65JO45B396gQtwuwv4Kr0 T70QYq1u1E6GO+wXnRBbxOEbZkta3Qvo2pewEURQzBrinpm5PEkTHu/siTPS+58u AogVGeNOaG064SNQNsO5VMh8byR7gDZ/MJkAAdnPsJSyhU2IXJpAx5lJqlbDr/MV Ve3YQWUliEAMo3OCb4qzya74C2GdvyjokYrxvswxuW92zmij+QE8mF+7YnrLir7q nX7gP7A8Zj1GIcwsCioytCYANGiqaBhdfSs2S1vhJ4p2YCy9RyDe2m2S6mko3Sr/ IhYKhKk9UISo2A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=TT4eDP+R0RxhwYkr+Lkid2XC6brW0 8FnqJ+SCk2BCLI=; b=SNkorFJgh7n6Gdt8paIGfhk/ks7+eP6a3v2LFA9DUVCx7 LaDdn2sWCVZdj7y+TrQWej8US9sjF8/3hDiDkKy5h5rLHkaS5//05gQI0+J7qLZF cdcBuK/VPTGBo8c92M9PyZsNhl81Bkso9Qiy0hU5K9qIn1Irp8HdpkN8IcMYGxms i/l6UjaHjUSAgl1Judmg5z/9ZNRQ7IymvMI0j3PSadERFAbmbeRYqkw/OpB6WKkh 9i3KFAOR3Wcaf6n2dsJ9Du7x+BzGY5ruwaSrSNIMeuMjiFVAZU5bGhKgFc4W15wE xirCTBi5A7RVc2hr2tgTNbgk0PwL59dMkKKUbYHnQ==
X-ME-Sender: <xms:tZvXWMznnT65gQ-QtXth6d-XDyfVQE1p0z90AqPftQH9R5tb8GAIYw>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 5D20C9EA7F; Sun, 26 Mar 2017 06:45:09 -0400 (EDT)
Message-Id: <1490525109.4015337.923700488.22F85FDF@webmail.messagingengine.com>
From: Robert Mueller <robm@fastmail.fm>
To: morg@ietf.org
Cc: iana@iana.org, Alexey Melnikov <aamelnikov@fastmail.fm>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-dcf84519
Date: Sun, 26 Mar 2017 21:45:09 +1100
Archived-At: <https://mailarchive.ietf.org/arch/msg/morg/65YV6545FTw2PaA_1ytVFhA2H-Q>
Subject: [MORG] New IMAP keyword registration proposal: $Phishing
X-BeenThere: morg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Organization <morg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/morg>, <mailto:morg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/morg/>
List-Post: <mailto:morg@ietf.org>
List-Help: <mailto:morg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/morg>, <mailto:morg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Mar 2017 10:45:12 -0000
IMAP keyword name: $Phishing Purpose (description): Phishing emails are a particularly pernicious problem and unfortunately many users are tricked by them into revealing private passwords and other personal information. Many delivery agents may be able to detect emails as likely phishing emails either at delivery time or shortly afterwards, but moving them to the users spam/junk folder or marking them as $Junk may not be enough. If they look legitimate enough, users may think they were incorrectly identified as junk and still click on the links in them believing that they are legitimate and the marking as junk was a false positive error. The $Phishing keyword can be used by a delivery agent to mark a message as highly likely to be a phishing email. If this is the case, the user agent should display an additional warning message to the user alerting them that this email seems suspicious and may be trying to trick them into giving away personal information. Additionally the user agent may display a warning when clicking on any hyperlinks within the message. In general an email that’s determined to be a phishing email by the delivery agent should also be considered a junk email and have the appropriate junk filtering applied as well (e.g. setting the $Junk flag or placing in the \Junk special-use mailbox. Private or Shared on a server: SHARED (see Note 1) Is it an advisory keyword or may it cause an automatic action: This keyword is advisory. When/by whom the keyword is set/cleared: $Phishing will mostly be set by a delivery agent. A mail client may set the flag if it supports a “Report phishing” type action. If a user marks a message as not junk, the $Phishing flag should also be removed. Related keywords: $Junk and $NotJunk Related IMAP capabilities: RFC6154 IMAP LIST Extension for Special-Use Mailboxes Security considerations: False positive detection of a phishing email by a delivery agent is always possible so user agents should never fully stop users being able to view a message or click through on links in the message. Published specification (recommended): Person & email address to contact for further information: Rob Mueller <robm@fastmail.com> Intended usage: COMMON Owner/Change controller: IESG 1). Unlike junk where people may have different ideas of what email might be considered junk or not junk, and as it’s expected that mostly delivery agents will set this flag, this should be a shared flag. -- Rob Mueller robm@fastmail.fm
- [MORG] New IMAP keyword registration proposal: $P… Robert Mueller