Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M
2010-02-09 05:45:08
--On 8 February 2010 15:29:58 +0000 John Levine <johnl(_at_)taugh(_dot_)com>
wrote:
Except that that doesn't happen much these days. The number of bounces
that I see into my domain is very small compared with even a year ago.
What you're suggesting here would revive that problem in a new form.
As Steve noted, very few people press the spam button. It's not a very
effective way to mailbomb people.
They don't? Well, very few people have a spam button to press. We're hoping
to change that, aren't we? At least, to open up the possibility that a lot
more people will have a spam button to press.
Of course, if spam reports are going to innocent third parties, then we'll
hope you're correct.
In fact, my first action will probably be to configure my mail server to
remove the abuse-report header on inbound, outbound, and forwarded
email.
Outbound I suppose, but why inbound or forwarded? Stuff that survives
your spam filters is considerably more likely to be from a real sender
than random spam. And what possible benefit is there to removing a
forwarder's AR? You want them to filter their spam better, don't you?
Why inbound? Because I don't want my users sending spam reports to third
parties based on a header in the spam message. I want them to send the spam
reports to me. I guess I might make an exception for gmail if the message
carries a valid DKIM score. But I certainly won't let these headers survive
unless there's either an SPF pass or a valid DKIM header.
Will I add an abuse-report header of my own? Probably not, because
that'll mean (currently) creating a new email domain to collect the
reports, trying to work out a way of filtering the reports from the
spam that reaches the same address. And then doing something with the
reports.
Why do you think you can't just set up an address in an existing domain
for the reports and put it in the AR header? The idea of overloading
the server name as a mail domain was a mistake that we're not doing.
OK, if you're not doing that, then that's fine. I'd be much happier with an
address in my existing domain, but not a standard address. It has to be one
that I can choose. It won't accept mail through my MX servers, though. If
the SMTP submission isn't authenticated, then I won't have any reason to
believe it's a valid report.
Even then, I'd still rather simply have a flag set in my IMAP server. I
don't want reports about messages that I never delivered to the mailbox. I
don't want reports that carry munged copies of the original message. And, I
don't want users to have to download messages with malware payloads simply
to report them. I'd like a user to be able to select a number of messages
and mark them as junk, without having to download them. I don't want them
running up large mobile bandwidth bills just to report spam. I don't want
their clients initiating time or cash costly transactions for the mail that
the users least want to download.
R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] We don't need no stinkin IMAP or POP, was Adding a spam button to MUAs, (continued)
- Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M, Ian Eiloart
- Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M, Peter J. Holzer
- Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M, Ian Eiloart
- Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M, John Levine
- Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M,
Ian Eiloart <=
- Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M, Bart Schaefer
- Re: [Asrg] who gets the report, was We really don't need, John Levine
- Re: [Asrg] who gets the report, was We really don't need, Seth
- Re: [Asrg] who gets the report, was We really don't need, Alessandro Vesely
- [Asrg] RFC5451 Re: who gets the report, was We really don't need, Chris Lewis
- Re: [Asrg] RFC5451 Re: who gets the report, was We really don't need, Murray S. Kucherawy
- Re: [Asrg] RFC5451 Re: who gets the report, was We really don't need, Chris Lewis
- Re: [Asrg] RFC5451 Re: who gets the report, was We really don't need, Murray S. Kucherawy
- Re: [Asrg] RFC5451 Re: who gets the report, was We really don't need, Ian Eiloart
- Re: [Asrg] RFC5451 Re: who gets the report, was We really don't need, Alessandro Vesely
|
|
|