[feedback-report] misc comments (on draft-shafranovich-feedback-report-00(pre I-D))

Matthew Elvey matthew at elvey.com
Tue May 3 17:14:22 PDT 2005 

On 4/29/05 3:41 PM, Yakov Shafranovich sent forth electrons to convey:

> Matthew Elvey wrote:
>
>> Is this intended to obsolete RFCs 1982 or 3462?
>>
>
> Nope. I guess I should clarify the intent better in the next draft but 
> this format intended as a child of 3462 just like DSNs and return 
> receipts are. The intent of this specific format is a format for 
> providing feedback between network operators and organizations 
> regarding abuse issues primarly and related matters like opt-outs, 
> "virus detected" messages, etc.
>
>> Should we add to 2 Intent:
>>   d To inform reputation service providers about email abuse by 
>> entities* they vouch for.
>> Also, what about ISPs providing hosting or dns for spamvertized email 
>> or website addresses?
>> *(by this I mean IPs or (HELO or 282[1|2].FrOM or Sender: or even 
>> PRA) domains or perhaps something else)
>>
>
> I intended to cover all of these and will clarify so in the next draft.
>
>> =-=-=
>> Change 3 b and 4 g  to be more explicit about whether the headers and 
>> body must always be included (folks reading 3 b might (wrongly) 
>> assume that headers are not part of the message).  Why not say that 
>> they MUST be included?
>
>
> Will do.
>
>> =-=-=
>> Re. 4 f:  s/x.x.x.x/[IP]/  and s/YYYY.ZZZZ/example.com/?   IPs could 
>> be IPv6 IPs, and example.com is clearer, IMO.
>
>
> K.
>
>> =-=-=
>> Big picture issues:
>> One issue I see with this draft is that it's impossible to send such 
>> reports without specialized tools; normal MUAs can't send this mime 
>> type.
>> Is that a feature or a bug?  Another issue is that it implies that a 
>> reporter must craft a separate email for each reportee.
>>
>
> Both are features:
> 1st issue - its intended for ISP to ISP communications primarly (i.e. 
> their abuse systems and things like AOL's scomp).
> 2nd issue - this format is intended to cover the use case of one 
> report/message. Summaries and aggregate formats will follow as a 
> separate standard. ISP feedback affected both of these points.
>
> Regarding the first point once more, I would really really really like 
> to write a Thunderbird/Mozilla Mail extension to generate these 
> reports but don't have the time to do so.

 If it's for ISP-ISP communications, why an extension?    And if a major 
user will be end-users, changes to address the above two issues seem doable.
 There used to be many abuse@ addresses that don't accept, or discard 
all attachments.  That may have changed; I haven't sent anything other 
than plain text in to abuse-handling addresses in years.  Actually, I do 
have one recent data point.  I did send email to spamhaus, and because I 
wanted to show a chart, I sent a mail in dual text/html format;  the 
recipient slogged through the plain text version.)  I guess if you've 
spoken to a bunch of ISPs (both reputable and not-so-reputable ones), 
and they're all ok receiving attachments, then I've no objection.

>
>> This thread outlines the task before us well, IMO:
>> <http://groups-beta.google.com/group/news.admin.net-abuse.email/browse_frm/thread/fbb5ea0269b1fada/fdd399a8b869aa77#fdd399a8b869aa77> 
>>
>
>
> I don't have the time to read through it right now but I will do so 
> either Sunday night or early next week. However, a quick look through 
> it seems to talk about parsing issues. I will get back on this as soon 
> as I read the whole thing in detail.

I just noticed that the first few posts were pretty useful; I don't 
recall the rest.

>> ..Yakov, [may I] post anything from our private email on this topic...
>
> Please go ahead.

Here goes. Edited.


Yakov wrote:

> Matthew Elvey wrote:

>> <http://www.shaftek.org/publications/drafts/abuse-report/draft-shafranovich-abuse-report-00.html>
>> 1)Are you aware of the significant prior work done as noted here:
>> http://www.tmisnet.com/~strads/spam/bcp.html ?  IIRC, I mentioned it 
>> on ASRG or MARID.
>>
> I am aware of it and will include a reference in the next draft.
> ...
> This draft has been developed based on a lot of private feedback from 
> ISPs and MAAWG members.
>
>> 3)Consider CSV (csv) for the initial "Authentication-Domain-Method" 
>> registry.
>>
>
> No problem, I am sure there are more as well. 

>>
>> 4)Any feedback from spamcop.net/Julian Haight?  I'd like to know if 
>> SpamCop would adopt this format; they probably have as good an idea 
>> as anyone what works, having transmitted more reports than anyone 
>> else.  Also, they've developed a de facto standard.
>
> Julian is very enthuiastic about the draft.


Yakov, let me know if my assumption that that 
draft-shafranovich-abuse-report-00 has been replaced by 
draft-shafranovich-feedback-report-00 is wrong.

More information about the abuse-feedback-report mailing list