Re: [Asrg] ARF traffic, was Spam button scenarios
2010-02-10 03:38:38
On 09/Feb/10 20:25, Steve Atkins wrote:
You (and others) are obsessing about the MIME format of inbound email, which is
something of a scarlet fish.
What you need to be able to identify is who sent it to you, for what purpose,
under what agreement and what you need to do with the data in it.
Correct. I just implied that the "To" header field may not be the most
convenient data item for identifying the processing that a report
deserves. IMHO, until we have a handful of FBLs it may be a good
practice to cleverly partition each one using different addresses as
labels. However, if they become several dozens, we'd probably better
off classifying them by type rather than by agreement.
Let me try and fantasize about possible actions our handler may take,
besides assessing filters and adjusting reputations, which are always
possible.
Stratum 0 reports come from TiS buttons. We feed FBLs, including our
internal FBL --i.e. check if we host the sender.
Stratum 1 reports come from subscribed FBLs. We check whether the
original message had been sent through our MSA, in this case we apply
relevant policies. However, we might have just forwarded the original
message, or be anyhow involved in some trust chain. We can drop those
reports, or we can generate stratum 2 ones.
It seems that in any case we should check whether our MSAs can be
blamed for the original message. In case, we apply policies; that is,
we implicitly acknowledge the report. IMHO, it may be worth to provide
for error checking here, unless there is an overwhelming number of
unanimous reports: if the author appeals claiming that the TiS button
had been pushed by mistake, and her reputation is good, possibly ask
the recipient(s) to double check it. Only when sender and recipient(s)
(definitively) disagree, the relevant abuse teams will have to
manually inspect the original message (and punish the guilty.)
If our MSAs are not responsible for having injected the original
message into the mail system, we should check if we have a trust
relationship leading to the Reported-Domain. Perhaps it is convenient
to use the stratum data, or other agreement characteristics, as
weights for finding a minimum spanning tree. At any rate, the problem
of reaching a trusted domain through a trust chain can be stated
independently of how trust relationships are established.
If the Reported-Domain is not trusted, the report should be delivered
to the relevant connection provider, à la Abusix. It is an isolated
MTA or a bot.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] Spam button scenarios, (continued)
- Re: [Asrg] Spam button scenarios, John Levine
- Re: [Asrg] Spam button scenarios, Ian Eiloart
- [Asrg] ARF traffic, was Spam button scenarios, Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios, Steve Atkins
- Re: [Asrg] ARF traffic, was Spam button scenarios, Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios, Steve Atkins
- Re: [Asrg] ARF traffic, was Spam button scenarios, Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios, Chris Lewis
- Re: [Asrg] ARF traffic, was Spam button scenarios, Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios, Steve Atkins
- Re: [Asrg] ARF traffic, was Spam button scenarios,
Alessandro Vesely <=
- Re: [Asrg] ARF traffic, was Spam button scenarios, Chris Lewis
- Re: [Asrg] ARF traffic, was Spam button scenarios, Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios, Ian Eiloart
- Re: [Asrg] ARF traffic, was Spam button scenarios, Steve Atkins
- Re: [Asrg] ARF traffic, was Spam button scenarios, Ian Eiloart
- Re: [Asrg] ARF traffic, was Spam button scenarios, Alessandro Vesely
- Re: [Asrg] ARF traffic, was Spam button scenarios, Ian Eiloart
Re: [Asrg] Spam button scenarios, Ian Eiloart
Re: [Asrg] Spam button scenarios, Andreas Saurwein Franci Gonçalves
|
|
|