-----Original Message-----
From: asrg-bounces(_at_)irtf(_dot_)org
[mailto:asrg-bounces(_at_)irtf(_dot_)org] On Behalf Of
Chris Lewis
Sent: Monday, February 08, 2010 12:15 PM
To: Anti-Spam Research Group - IRTF
Subject: Re: [Asrg] RFC5451 Re: who gets the report, was We really
don't need
Could we not do this by extending 5451 semantics to have a "where to
complain to" cause?
That might work, if there's a reliable way to get that information
and relay it to MUAs.
It's a header in the email,
Which one?
Are you talking about an internal destination for spam reports (e.g.
your IT group), or an external one (e.g. abuse(_at_)domain)?
Either. If you have an AR header you trust, there's no reason to
refuse
it giving you an external destination.
Where would you get the external destination to be reported to MUAs?
Question is, how do we tell
it's
trusted, or do we care (especially with a site that's not 5451 aware)?
If we pitch it towards RFC5451-aware sites, and they pre-strip all
non-locally originated AR headers (as permitted by RFC5451), there's no
issue. Are the sites that won't be a big enough concern? Dunno.
I think you've answered it; an RFC5451-aware site would include that field only
if it's convinced the value it's thus reporting is correct, having gotten it
from some new parameter in a DKIM signature or something like that. Otherwise
it would report "abuse@(self-domain)", or nothing at all.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg