ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] ARF traffic, was Spam button scenarios

2010-02-10 06:43:20
from [Ian Eiloart] [Permanent Link] 


--On 9 February 2010 09:49:47 -0800 Steve Atkins <steve(_at_)blighty(_dot_)com> 
wrote:



On Feb 9, 2010, at 9:38 AM, Ian Eiloart wrote:




--On 9 February 2010 17:32:42 +0100 Alessandro Vesely 
<vesely(_at_)tana(_dot_)it>
wrote:


On 09/Feb/10 16:11, Ian Eiloart wrote:

The user retrieves a message from our mailstore, and attempts to use an
address in our domain to report it to us, but submitted through a third
party MSA. We'll simply reject the message on the basis that we don't
permit such traffic onto our MX servers. We won't even look at the
message body.


There's a whole theory of other ARF messages that may arrive at a
domain's abuse@ mailbox. A domain's user, or someone writing to a
forwarded address of that domain, writes a message that is reported as
spam, either correctly or by mistake. As part of an FBL or other
trust-chain, the message comes back wrapped in an ARF report at the
apparently originating domain.

The mailbox is abuse(_at_)domain in both cases. Although it may seem
desirable to have different addresses for incoming and outgoing
reports, I doubt such distinction will ever be effective. Indeed, the
forwarded case is ambiguous.

A mail domain worth its salt should be able to recognize if the original
message had been mailed out from its premises, and who is its blamed
author or sender. Policies spell out sequent actions.


That's right. We're talking about messages with a sender address in our
domain, that were NOT sent using our MSA. We don't permit that. We'll
reject the message.

Actually, I think I said we won't look at the message, but that's not
right. We check the message headers to identify messages that were
originally routed through the MSA. For abuse reports from our domain,
though, they're not going to go out of our system and back again.


This is nothing to do with abuse reports, though, nor mail sent to abuse@
anywhere. It's mail to a specific special address used solely for TiS
notifications.
I was using the term abuse report generically, to include any email that might be generated as a result of a user hitting a TiJ button. I'm hoping it's not going to use the word "spam". 



Even in a setup such as yours with strange rules for general mail
delivery, it'd be possible to special case that specific special address
should you choose to do so. (In fact it would likely be in an entirely
different domain, making that easy to do).
It's not such a strange thing to enforce use of Message Submission Agents, is it? What I do is roughly equivalent to insisting on DKIM or SPF for my domain. I'm expecting that to become widespread, and I know that I'm not alone among institutional mail admins.
However, I'm definitely NOT going to exempt TiJ submissions. That would be tantamount to an invitation to spammers to poison my spam filters. If anything, I'm going to be more strict about the origins of those messages, not less. 

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Consensus Call - submission via posting (was Re: Iteration #3), Jose-Marcio Martins da Cruz
Next by Date:  Re: [Asrg] ARF traffic, was Spam button scenarios, Ian Eiloart
Previous by Thread:  Re: [Asrg] ARF traffic, was Spam button scenarios, Steve Atkins
Next by Thread:  Re: [Asrg] ARF traffic, was Spam button scenarios, Alessandro Vesely
Indexes:  [Date] [Thread] [Top] [All Lists]