On Monday 08 February 2010 19:18:30 Dave CROCKER wrote:
On 2/8/2010 11:11 AM, Andrew Richards wrote:
The alternative requires that a copy of the message still be at the
server. That works in only some MUA-based models. Often/typically,
the entire message is downloaded to the MUA's site and the server no
longer has a copy. Hence, it's too late to enjoy merely passing a
citation back to the server.
I wish to imply that it would become a requirement for the server to
hold a copy if it wishes to implement this functionality
That creates a massive barrier to adoption. Huge implementation
overhead.
However TiS is implemented will require implementation work on the server-
side, so I'm not sure that [2] is so different from [1] in this respect.
The challenge is the "few days". It means that the mechanism fails
after a few days. Is that acceptable? Why?
Reports of spam are most useful the fresher they are
while no doubt true, it is not a clear to me that it's appropriate to
make it impossible to submit older reports.
MTA admins may choose how long to retain copies of messages, perhaps
subject to a suggested minimum. So yes it would be impossible in some
cases, but is that a problem if 95% of spam can be successfully reported
(95% of reports being fresh enough for the message still to be held by the
MTA)? Losing 5% of reports is perhaps worthwhile if this approach has other
advantages, I would suggest a greater elegance (no squandered bandwidth,
see separate post) and a safer security model re. information leakage. I am
of course pulling my 95%/5% figures out of thin air. The MTA admin has an
incentive to retain copies for a reasonably long time to maximise his/her
anti-spam capabilities.
Alternatively to address that 5%, and perhaps relevant to other TiS
approaches, if MTAs had the option of retaining messages for TiS purposes,
if the report-submission was interactive (such as Steve Atkins option [3]
'for completeness' posted on 6th Feb which I've pasted below) the MUA could
query whether the upstream system already has a copy of the message. For
example I would note that IMAP servers have a good chance of having the
message. The MUA can then report TiS messages where a copy has been kept
without inadvertent information leakage, and might have a user setting
whether to send a full report where no copy has been kept.
cheers,
Andrew.
---------
Steve's option [3]:
[3] Is the same for every mechanism for retrieving the message,
but not based on submitting email.
... for example, reporting via an HTTP post, or an SMTP extension,
or XMPP, or telepathy, regardless of whether the original message
was read via POP, IMAP, spool access, SMTP ETRN, SMS or an
XML-RPC call.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg