Re: [Asrg] ARF traffic, was Spam button scenarios

--On 9 February 2010 17:32:42 +0100 Alessandro Vesely <vesely(_at_)tana(_dot_)it> 
wrote:
> On 09/Feb/10 16:11, Ian Eiloart wrote:
> > The user retrieves a message from our mailstore, and attempts to use an
> > address in our domain to report it to us, but submitted through a third
> > party MSA. We'll simply reject the message on the basis that we don't
> > permit such traffic onto our MX servers. We won't even look at the
> > message body.
> There's a whole theory of other ARF messages that may arrive at a
> domain's abuse@ mailbox. A domain's user, or someone writing to a
> forwarded address of that domain, writes a message that is reported as
> spam, either correctly or by mistake. As part of an FBL or other
> trust-chain, the message comes back wrapped in an ARF report at the
> apparently originating domain.
>
> The mailbox is abuse(_at_)domain in both cases. Although it may seem desirable
> to have different addresses for incoming and outgoing reports, I doubt
> such distinction will ever be effective. Indeed, the forwarded case is
> ambiguous.
>
> A mail domain worth its salt should be able to recognize if the original
> message had been mailed out from its premises, and who is its blamed
> author or sender. Policies spell out sequent actions.
That's right. We're talking about messages with a sender address in our 
domain, that were NOT sent using our MSA. We don't permit that. We'll 
reject the message.
Actually, I think I said we won't look at the message, but that's not 
right. We check the message headers to identify messages that were 
originally routed through the MSA. For abuse reports from our domain, 
though, they're not going to go out of our system and back again.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg