On Feb 8, 2010, at 12:19 PM, Chris Lewis wrote:
John R. Levine wrote:
Here's some scenarios in which I'm not sure what the best thing is to do.
A) User has multiple incoming accounts, presses the spam button, and the
outbound MSA doesn't match the incoming account. Hence the report goes via
unrelated third parties that might snoop on it. Do we care? The user has
said it's spam, after all.
I'm leaning back towards inband (eg: RFC5451 AR header as extended), thus
your B is moot, and addressing choices (sans trust issues) is trivial.
C) I have a Gmail account and a Yahoo account. The Gmail account is set up
to fetch my Yahoo mail so I can see it all in one place. I use Gmail's IMAP
server to read my mail. (I really do this, by the way.) I hit the spam
button. Who should get the report?
1) Gmail since that's who I picked it up from
2) Yahoo since that's where the spam was sent
3) Gmail but they should also forward the report to Yahoo
Very much Gmail. If they want to chain it back to Yahoo as part of their
FBL, they can.
Even though the mail was never received by Gmail, just fetched by them from the
IMAP server it was delivered to?
If the reporting address is included in the AR header as added at the Yahoo MX,
that would't be overwritten by Gmail, I don't think?
Cheers,
Steve
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg