On 1/6/2004 9:05 PM, John Levine sent forth electrons to convey:
On NANAE, there's a group working on a "standard spam reporting" format
(see http://www.tmisnet.com/~strads/spam/bcp.html )
I'm BCCing George, the author in case he's not aware; bet he's interested.
I'd certainly like to come up with a standard abuse report, although I
have to say the proposal on that web page leaves a lot to be desired.
This is probably why it ran out of steam. There's been no further
discussion for ages, so I think there would be no objection to ASRG
taking over.
A MIME or XML format seems problematic, as most reports come from end
users. How are end users going to file reports in a format that their
MUAs don't readily support? (Readily. Yes, they can type XML directly,
or manually add various MIME attachments to each report, but that's
unreasonable.)
Let's KISS. There should be one format, and it should be simple enough
that an abuse desk's claim that it was too complex would strike most
anyone as unreasonable too. There'd be a bunch of predefined types, but
others would be allowed (could be IANA managed, e.g. like the Sieve mail
filter extension namespace, but that's probably overkill).
Format: AR 2.0 (A new suggestion I'm making: Include a string that would
identify an automatically parsable report.)
Attn: abuse(_at_)Yahoo(_dot_)dom
Type: dropbox
Re: nofoolin(_at_)yahoo(_dot_)dom
etc.
--------------------------------
Ideally we should work with the developers of *Abuse-queue management
tools*, e.g.
* Abacus <http://word-to-the-wise.com/abacus/index.html> commercial
ticketing/tracking system designed specifically for abuse desks
* Kana <http://www.kana.com/> commercial Customer Relations
Management tool
* Remedy <http://www.remedy.com/> commercial Customer Relations
Management tool
* Request Tracker <http://www.bestpractical.com/rt/> (RT and RT2)
open-source ticketing tool
* AbusePipe <http://www.crystalsoftware.com.au/analyzespam.html>
automated abuse handling software.
source: http://www.spamcop.net/fom-serve/cache/352.html
-----------------------------------
How SpamCop chooses where to route reports is discussed at
http://www.spamcop.net/fom-serve/cache/94.html in some detail.
Read how it uses netblock size, whois records, and abuse.net entries.
Given the volume of reports SpamCop sends, it's probably as good as it
gets, and builds on RFC 2142. (Please, no SpamCop criticism based on
hearsay or *outdated* info on how it used to work; on-topic comments on
how you know it works currently only, please!)
Excerpt:
*...[For Large Networks,]* SpamCop now bases its routing of reports
mainly on "whois records" - ... Normally, when SpamCop encounters a NOC
role account such as "hostmaster@ or noc@" in the whois records, it will
check with abuse.net for a valid abuse contact instead of sending
reports to your NOC role account. If...
*Abuse.net*
All abuse desks should register an email address for the domains they
manage with abuse.net. SpamCop will use this information to try to route
reports correctly. We...
--------------------------------
As an appendix, here's SpamCop's format. It's well defined enough to be
readily parsable.
Starts off:
--
[ SpamCop V1.3.4 ]
This message is brief for your comfort. Please use links below for details.
--
Then content depends on the type of abuse, e.g. :
--
Email from 0.0.0.0 / Sat, 20 Dec 2003 17:06:50 -0800 (PST)
http://www.spamcop.net/w3m?i=z5554050munged4c99f7z
[ Offending message ]
--
and/or
--
Spamvertised website: http://ama.sent.dom
http://ama.sent.dom is 0.0.0.0; Fri, 26 Dec 2003 06:17:47 GMT
http://www.spamcop.net/w3m?i=z56477868munged53cf9bd88517fez
[ Additional comments from recipient ]
[ Offending message ]
--
and/or
--
User-targeted report, see notes, if any.
http://www.spamcop.net/w3m?i=z4944731munged36df8b9z
--
Here's a format that SpamCop formerly sent; last I checked, it doesn't
report Spamvertised email addresses any more.
--
http://spamcop.net/w3m?i=z254904157zb4amunged1c30c3e9cz
Spamvertised email address: immediatecash(_at_)mail(_dot_)dom
immediatecash(_at_)mail(_dot_)dom is 0.0.0.0; Wed, 21 May 2003 08:12:33 GMT
--
Followed by the (often munged) SUBE header and body.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
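Added example, not part of the original message and not SpamCop's own code: a small Python parser for the current-format report fragments quoted above, showing how an abuse desk could extract the report type, source IP, timestamp and tracking id line by line. The regular expressions, the item type names and the function names `parse_report` and `valid_ip` are assumptions inferred only from those samples.

```python
import ipaddress
import re

# Line patterns inferred from the samples quoted in the message (assumed, not a published grammar).
BANNER = re.compile(r"^\[ SpamCop V(?P<version>[\d.]+) \]$")
EMAIL_SRC = re.compile(r"^Email from (?P<ip>\S+) / (?P<when>.+)$")
SPAMVERT = re.compile(r"^Spamvertised (?P<kind>website|email address): (?P<target>\S+)$")
RESOLVES = re.compile(r"^(?P<target>\S+) is (?P<ip>\S+); (?P<when>.+)$")
TRACK = re.compile(r"^https?://(?:www\.)?spamcop\.net/w3m\?i=(?P<id>\S+)$")
SECTION = re.compile(r"^\[ (?P<name>[^\]]+?) \]$")

def valid_ip(text):
    """Return the address only if it parses as IPv4/IPv6; report bodies are untrusted input."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None

def parse_report(body):
    """Parse a SpamCop-style notification into {'version': ..., 'items': [...]}."""
    report, cur = {"version": None, "items": []}, None
    for line in (l.strip() for l in body.splitlines()):
        new = None
        if m := BANNER.match(line):
            report["version"] = m["version"]
        elif m := EMAIL_SRC.match(line):
            new = {"type": "email-source", "ip": valid_ip(m["ip"]), "when": m["when"]}
        elif m := SPAMVERT.match(line):
            new = {"type": "spamvertised-" + m["kind"].split()[0], "target": m["target"]}
        elif line.startswith("User-targeted report"):
            new = {"type": "user-targeted"}
        elif (m := RESOLVES.match(line)) and cur and cur.get("target") == m["target"]:
            cur.update(ip=valid_ip(m["ip"]), when=m["when"])
        elif (m := TRACK.match(line)) and cur and not cur["tracking_id"]:
            cur["tracking_id"] = m["id"]
        elif (m := SECTION.match(line)) and cur:
            cur["sections"].append(m["name"])
        if new:  # each recognised item line opens a new report item
            cur = {"tracking_id": None, "sections": [], **new}
            report["items"].append(cur)
    return report

# Constructed sample assembled from the fragments quoted in the message.
SAMPLE = """[ SpamCop V1.3.4 ]
Email from 0.0.0.0 / Sat, 20 Dec 2003 17:06:50 -0800 (PST)
http://www.spamcop.net/w3m?i=z5554050munged4c99f7z
[ Offending message ]
Spamvertised website: http://ama.sent.dom
http://ama.sent.dom is 0.0.0.0; Fri, 26 Dec 2003 06:17:47 GMT
http://www.spamcop.net/w3m?i=z56477868munged53cf9bd88517fez"""
```

Lines that match no pattern are skipped, so the parser tolerates the free-text banner sentence and the `--` separators; a tracking link that appears before its item, as in the older layout, is not attached.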