ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Spam button scenarios

2010-02-08 08:31:52
from [Alessandro Vesely] [Permanent Link] 
On 08/Feb/10 07:28, John R. Levine wrote:

Here's some scenarios in which I'm not sure what the best thing is to do.

A) User has multiple incoming accounts, presses the spam button, and the
outbound MSA doesn't match the incoming account. Hence the report goes
via unrelated third parties that might snoop on it. Do we care? The user
has said it's spam, after all.
We care that reports get lost. However, picking the wrong MSA should at most result in a suboptimal delivery path. Was the destination address correct? 


B) Assume a model in which the spam reporting address is determined per
account, e.g., fetched from the POP or IMAP server via an extension. The
user for whatever reason moves a message from account A into the IMAP
mailbox for account B and then hits the spam button, which sends the
report to B, even though the message was from A. Do we care? It's the
user's fault, although I can think of some simple configurations that
would cause that, e.g., MUA based spam filter that puts all the junk
into the Junk folder on the first IMAP account.
Assume the MUA doesn't track moving the message. Using A-R fields, it would find the one from A, but since it is not trusted on B's mailbox the MUA shouldn't use it.
Alternatively, the MUA can determine the validity of the top A-D field when it downloads the message. That would be useful for displaying A-R icons in message listing panes. And, it would allow to report the message as spam --to the right server-- even after it has been moved to a different account. 


C) I have a Gmail account and a Yahoo account. The Gmail account is set
up to fetch my Yahoo mail so I can see it all in one place. I use
Gmail's IMAP server to read my mail. (I really do this, by the way.) I
hit the spam button. Who should get the report?

1) Gmail since that's who I picked it up from
2) Yahoo since that's where the spam was sent
3) Gmail but they should also forward the report to Yahoo
By symmetry, #3. But what A-R fields do you get in messages transferred that way? 

If I had

  Authentication-Results: mx.google.com; spf=pass (google.com: domain
   of vesely(_at_)tana(_dot_)it designates 62.94.243.226 as permitted sender)
   smtp(_dot_)mail=vesely(_at_)tana(_dot_)it
then I would report to abuse(_at_)mx(_dot_)google(_dot_)com --I currently cannot, because there's no such domain. 

Is there any report on current A-R usage?
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Spam button scenarios, Ian Eiloart
Next by Date:  Re: [Asrg] Adding a spam button to MUAs, Ian Eiloart
Previous by Thread:  Re: [Asrg] Spam button scenarios, Andreas Saurwein Franci Gonçalves
Next by Thread:  Re: [Asrg] Spam button scenarios, Ian Eiloart
Indexes:  [Date] [Thread] [Top] [All Lists]