Robert G. Brown wrote:
Right now enabling SPs are insulated from any kind of RFC-based
responses or complaints about spam because MUA's and MTA's have no
predefined protocol for generating such a response in a constructive
way. Most complaints/bounces that are automatically generated by
antivirus software or reported by humans (I've read plenty of both:-(
are hopeless and de facto useless without several rounds of
communications, and sometimes not even then: the humans don't even know
what a mail header IS and often have no way of knowing or suspecting
that the From address is bogus or sending in the real header so it can
be parsed by the SP postmaster. Antivirus software developers should
know better (damn it!) but even THEY don't bother to parse the header or
include the header in the stupid bounces they generate, or validate
any sort of correspondance between originating host and From address.
So even though one could argue that adding a real protocol layer for a
preformatted, standardized, spam/virus bounce is not strictly necessary
because all the information is already IN the header, doing it anyway
might codify and standardize a complaint so that the complaint "always"
contains the essential information and so that a complaint to the right
target is "easy" to generate (can even be generated automatically). It
could then guide the development of compliant tools that can deal with
this for ignorant humans using stupid MUAs and maybe even (presumably)
smarter AV programmer humans as well.
We have a closed subgroup in the ASRG for discussions of exactly this
kind of stuff (http://asrg.sp.am/subgroups/abuse_reports.shtml). But we
haven't gathered that much interest which makes us think that not
everyone considers this a great idea.
Yakov