On NANAE, there's a group working on a "standard spam reporting" format
(see http://www.tmisnet.com/~strads/spam/bcp.html )
I'd certainly like to come up with a standard abuse report, although I
have to say the proposal on that web page leaves a lot to be desired.
The most likely container format would be XML, since it's a reasonable
format for tagged values, there's plenty of existing software to create
and parse it, and it's widely used in other RFCs already.
The researchy bits are partly to figure out what items a report needs
to contain, whether it works better to do one report per spam or to
collect multiple similar spams, and how best to deal with the desire
of some reporters to provide less than full information in their
reports. It might also make sense to standardize some responses,
e.g., accepted/problem solved, accepted/problem identified but not yet
solved, accepted/problem not identified, rejected/not from us,
rejected/insufficient information, rejected/queue full so try later.
We'd also need to be sure to avoid needless incompatibility with the
intrusion and incident WGs.
Although the most likely way to pass these things around would be as
MIME parts in e-mail messages to abuse desks, I wouldn't want to rule
out other transmission methods. I could easily imagine that large
ISPs might want fast dedicated channels so the could do real-time
problem analysis and resolution and maybe even detect and stop a spam
run in progress.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg