ietf-asrg

Re: [Asrg] 7. BCP - Abuse Reporting standard

2004-01-06 16:02:17
On NANAE, there's a group working on a "standard spam reporting" format
(see http://www.tmisnet.com/~strads/spam/bcp.html )



YS > We actually have been discussing this. I have also been thinking about
using something like DSNs for this, with one part for human readable 
data, another part for machine-readable and a copy of the original
message.

However, the problem seems to me that there is much more than simple 
email abuse here. This format can be used for reporting spam messages. 
What about open relays, hijacked computers, spam websites, false domain 
registrations, etc.? All of these play a large part in the spam world 
and SpamCop for example, reports URLs regularly. Some of this overlaps 
with the work of INCH and IDWG at the IETF.

So the question to me is more of scope - what scope should this subgroup 
have? 


Well it's right with the charter - "to facilitate management responses to
spam activity"
and "to help network managers identify and deal with sources of spam on
their networks"

Something that focuses solely on reporting spam messages 
themselves can be easily done with some kind of DSN-like format. BUT, if 
you want to report IPs, URLs, domains, and even perhaps include trace 
information on the spammer's companies, that is something much bigger, 
and requires different players.



I don't see a massive problem with coming up with sub-types (or
sub-sections?) of a spam-response DSN-like message which would cover the
types of report you identify.

The cited document suggests that reports may be sent to the "designated
reporting address" for:
     1.  The point of origin (determined from the headers)
     2.  Email drop boxes (if implicated)
     3.  Web sites (if implicated)
     4.  Regulatory authorities (if available)
     5.  Spam tracking services / block lists (if desired)
     6.  Online repositories
     7.  Other implicated parties (trademark protection)

All these kinds of reports are aimed at spam-reduction. If done right,
they could be useful. If they're done wrong, they can be pretty spammy
themselves.

I'm interested - I wrote an "abusebot" which handles rather a lot of
(mainly) spurious abuse reports for a bunch of domains I'm responsible for.
A standard format would make automated responses easier to do and simplify
the consequent human workload. My attention was drawn to this by an abuse
reporter who sent us some stuff (with some tool I guess) - It took a while
to figure out why we got the report, even the reporter didn't know why at
first. I was able to tell him that he'd sent us the report because a
spamvertised website had an address in one of our domains as the technical
contact (in the whois).
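
Added example, not part of the original message or of the cited document: a sketch of the DSN-like report discussed above, with a human-readable part, a machine-readable part carrying a sub-type, and a copy of the original message, plus the receiving side an abuse-handling bot would run. The sub-type names, the field names (Report-Type, Reported-URI, Recipient-Role), the text/x-abuse-report content type and the report-type value are all hypothetical.

```python
from email import message_from_bytes, message_from_string, policy
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Hypothetical sub-types, one per kind of report raised in the thread.
SUBTYPES = {"spam-message", "open-relay", "hijacked-host",
            "spam-website", "false-registration"}

def build_report(subtype, fields, explanation, original):
    """Human-readable text + machine-readable fields + copy of the original."""
    if subtype not in SUBTYPES:
        raise ValueError(f"unknown report sub-type: {subtype}")
    if any(c in f"{k}{v}" for k, v in fields.items() for c in "\r\n"):
        raise ValueError("line break in field")  # would inject extra fields
    report = MIMEMultipart("report", report_type="x-abuse-report")
    report["Subject"] = f"Abuse report: {subtype}"
    lines = [f"Report-Type: {subtype}"] + [f"{k}: {v}" for k, v in fields.items()]
    report.attach(MIMEText(explanation))
    report.attach(MIMEText("\n".join(lines) + "\n", "x-abuse-report"))
    report.attach(MIMEMessage(message_from_string(original)))
    return report.as_bytes()

def parse_report(raw):
    """Return (fields, original message); raise ValueError if malformed."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = list(msg.iter_parts()) if msg.is_multipart() else []
    if msg.get_content_type() != "multipart/report" or len(parts) != 3:
        raise ValueError("expected a three-part multipart/report")
    if parts[1].get_content_type() != "text/x-abuse-report":
        raise ValueError("second part is not the machine-readable section")
    fields = dict(message_from_string(parts[1].get_content()).items())
    if fields.get("Report-Type") not in SUBTYPES:
        raise ValueError("missing or unknown Report-Type")
    return fields, parts[2].get_content()

def route(fields):
    """Choose a queue; Recipient-Role says why this recipient got the report."""
    if fields.get("Recipient-Role") == "whois-contact":
        return "domain-contacts"
    queues = {"spam-message": "mail-abuse", "open-relay": "network-ops",
              "hijacked-host": "network-ops"}
    return queues.get(fields["Report-Type"], "manual-review")

# Constructed sample: a spamvertised site whose whois lists the recipient.
ORIGINAL = "From: a@example.invalid\nSubject: offer\n\nhttp://shop.example.invalid/\n"
RAW = build_report("spam-website",
                   {"Reported-URI": "http://shop.example.invalid/",
                    "Recipient-Role": "whois-contact"},
                   "The attached message advertises a site in your whois.", ORIGINAL)
```

The Recipient-Role field covers the case described in the message above, where neither the reporter nor the recipient could tell at first why the report had been sent to that address.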
