Re: [Asrg] We really don't need no stinkin IMAP or POP foram button to M

--On 8 February 2010 15:29:58 +0000 John Levine <johnl(_at_)taugh(_dot_)com> 
wrote:

> > Except that that doesn't happen much these days. The number of bounces
> > that  I see into my domain is very small compared with even a year ago.
> > What  you're suggesting here would revive that problem in a new form.
> As Steve noted, very few people press the spam button.  It's not a very
> effective way to mailbomb people.
They don't? Well, very few people have a spam button to press. We're hoping 
to change that, aren't we? At least, to open up the possibility that a lot 
more people will have a spam button to press.
Of course, if spam reports are going to innocent third parties, then we'll 
hope you're correct.
> > In fact, my first action will probably be to configure my mail server to
> > remove the abuse-report header on inbound, outbound, and forwarded
> > email.
> Outbound I suppose, but why inbound or forwarded?  Stuff that survives
> your spam filters is considerably more likely to be from a real sender
> than random spam.  And what possible benefit is there to removing a
> forwarder's AR?  You want them to filter their spam better, don't you?
Why inbound? Because I don't want my users sending spam reports to third 
parties based on a header in the spam message. I want them to send the spam 
reports to me. I guess I might make an exception for gmail if the message 
carries a valid DKIM score. But I certainly won't let these headers survive 
unless there's either an SPF pass or a valid DKIM header.
> > Will I add an abuse-report header of my own? Probably not, because
> > that'll  mean (currently) creating a new email domain to collect the
> > reports, trying  to work out a way of filtering the reports from the
> > spam that reaches the  same address. And then doing something with the
> > reports.
> Why do you think you can't just set up an address in an existing domain
> for the reports and put it in the AR header?  The idea of overloading
> the server name as a mail domain was a mistake that we're not doing.
OK, if you're not doing that, then that's fine. I'd be much happier with an 
address in my existing domain, but not a standard address. It has to be one 
that I can choose. It won't accept mail through my MX servers, though. If 
the SMTP submission isn't authenticated, then I won't have any reason to 
believe it's a valid report.
Even then, I'd still rather simply have a flag set in my IMAP server. I 
don't want reports about messages that I never delivered to the mailbox. I 
don't want reports that carry munged copies of the original message. And, I 
don't want users to have to download messages with malware payloads simply 
to report them. I'd like a user to be able to select a number of messages 
and mark them as junk, without having to download them. I don't want them 
running up large mobile bandwidth bills just to report spam. I don't want 
their clients initiating time or cash costly transactions for the mail that 
the users least want to download.
> R's,
> John
> _______________________________________________
> Asrg mailing list
> Asrg(_at_)irtf(_dot_)org
> http://www.irtf.org/mailman/listinfo/asrg


--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg