[feedback-report] misc comments
(on draft-shafranovich-feedback-report-00(pre I-D))
matthew at elvey.com
Tue May 3 17:14:22 PDT 2005
On 4/29/05 3:41 PM, Yakov Shafranovich sent forth electrons to convey:
> Matthew Elvey wrote:
>> Is this intended to obsolete RFCs 1982 or 3462?
> Nope. I guess I should clarify the intent better in the next draft but
> this format intended as a child of 3462 just like DSNs and return
> receipts are. The intent of this specific format is a format for
> providing feedback between network operators and organizations
> regarding abuse issues primarly and related matters like opt-outs,
> "virus detected" messages, etc.
>> Should we add to 2 Intent:
>> d To inform reputation service providers about email abuse by
>> entities* they vouch for.
>> Also, what about ISPs providing hosting or dns for spamvertized email
>> or website addresses?
>> *(by this I mean IPs or (HELO or 282[1|2].FrOM or Sender: or even
>> PRA) domains or perhaps something else)
> I intended to cover all of these and will clarify so in the next draft.
>> Change 3 b and 4 g to be more explicit about whether the headers and
>> body must always be included (folks reading 3 b might (wrongly)
>> assume that headers are not part of the message). Why not say that
>> they MUST be included?
> Will do.
>> Re. 4 f: s/x.x.x.x/[IP]/ and s/YYYY.ZZZZ/example.com/? IPs could
>> be IPv6 IPs, and example.com is clearer, IMO.
>> Big picture issues:
>> One issue I see with this draft is that it's impossible to send such
>> reports without specialized tools; normal MUAs can't send this mime
>> Is that a feature or a bug? Another issue is that it implies that a
>> reporter must craft a separate email for each reportee.
> Both are features:
> 1st issue - its intended for ISP to ISP communications primarly (i.e.
> their abuse systems and things like AOL's scomp).
> 2nd issue - this format is intended to cover the use case of one
> report/message. Summaries and aggregate formats will follow as a
> separate standard. ISP feedback affected both of these points.
> Regarding the first point once more, I would really really really like
> to write a Thunderbird/Mozilla Mail extension to generate these
> reports but don't have the time to do so.
If it's for ISP-ISP communications, why an extension? And if a major
user will be end-users, changes to address the above two issues seem doable.
There used to be many abuse@ addresses that don't accept, or discard
all attachments. That may have changed; I haven't sent anything other
than plain text in to abuse-handling addresses in years. Actually, I do
have one recent data point. I did send email to spamhaus, and because I
wanted to show a chart, I sent a mail in dual text/html format; the
recipient slogged through the plain text version.) I guess if you've
spoken to a bunch of ISPs (both reputable and not-so-reputable ones),
and they're all ok receiving attachments, then I've no objection.
>> This thread outlines the task before us well, IMO:
> I don't have the time to read through it right now but I will do so
> either Sunday night or early next week. However, a quick look through
> it seems to talk about parsing issues. I will get back on this as soon
> as I read the whole thing in detail.
I just noticed that the first few posts were pretty useful; I don't
recall the rest.
>> ..Yakov, [may I] post anything from our private email on this topic...
> Please go ahead.
Here goes. Edited.
> Matthew Elvey wrote:
>> 1)Are you aware of the significant prior work done as noted here:
>> http://www.tmisnet.com/~strads/spam/bcp.html ? IIRC, I mentioned it
>> on ASRG or MARID.
> I am aware of it and will include a reference in the next draft.
> This draft has been developed based on a lot of private feedback from
> ISPs and MAAWG members.
>> 3)Consider CSV (csv) for the initial "Authentication-Domain-Method"
> No problem, I am sure there are more as well.
>> 4)Any feedback from spamcop.net/Julian Haight? I'd like to know if
>> SpamCop would adopt this format; they probably have as good an idea
>> as anyone what works, having transmitted more reports than anyone
>> else. Also, they've developed a de facto standard.
> Julian is very enthuiastic about the draft.
Yakov, let me know if my assumption that that
draft-shafranovich-abuse-report-00 has been replaced by
draft-shafranovich-feedback-report-00 is wrong.
More information about the abuse-feedback-report