[feedback-report] Comments on draft (and spam reporting in general)
Yakov Shafranovich
YakovS at solidmatrix.com
Wed May 25 14:23:13 PDT 2005
William Leibzon wrote:
>
> First I'd like to note that I think standard spam reporting format is a
> good idea (in fact there was supposed ASRG group working on that -
> whatever happened to it and why discussions are being done on separate
> mail list and not there),
We wanted to start from scratch without any preconceived notions about
ASRG/IRTF/IETF/etc. Eventually, we might move this over to the ASRG or
perhaps directly into an IETF WG. Alternatively, this may be submitted
as an independent submission to the IETF.
> but I'd have thought it would be better if the format
> was XML as it gives more options on what and how to report and
> extendability for the future than simple mime text fields.
>
The providers wanted something simple and XML was too complicated. I
think that one of the concurrent problems with this effort is that
anything proposed was way too complicated. In this case, the absolute
minimum to comply requires wrapping the offending spam message or its
headers in a MIME type and adding two fields: "Version" and "User-Agent",
none of which require any complicated processing. I think that is why
this has attracted more attention from providers than other methods.
In the future, I foresee other formats for this as well: XML, aggregate,
etc. so this is something just to start with.
> In any case I'm going to comment on current draft first:
>
> 1. Discussion is needed on combining reporting of more than one email
> In particular what needs to be decided is:
...
This document specifically does not address aggregate reporting. The
providers I have discussed this with felt that a single spam/report
solution might be something that can jump start this effort, with
aggregate formats developed later on.
>
> 2. The report includes Reported-Domain and Reported-URI but it's possible
> (in fact likely) that reporting may be for a particular email address
> rather than domain or URI. I actually think that having separate
> fields (and adding yet another one) is not the best idea and it's
> better to have something like "Reported-Field:" which would have
> a tag "type" that can be "URI", "email" or "domain" and then data, i.e.
> Reported-Field: type="email"; abuser at hulligans.org
> (apologies if hulligans is a real domain, I've not checked)
> Reported-Field: type=URI ; http://www.bankofamerica-phisher.com
>
> Note: I don't particularly like "-Field" as part of above, but I could
> not find anything else general enough except "subject" and using that
> would be even more confusing. Another possibility is to just use
> Reported-URI and use "dns" for reporting dns and "mailto" for reporting
> email addresses
>
I was thinking along the lines of the second solution - just use mailto
and dns. Perhaps a bit more explanation is needed in the draft.
> 3. On above, it is probably a good idea to indicate in report if what is
> being reported is data field from email transmission, email header
> or email body (and if email body not a bad idea to make possible
> to report cid URI reference to particular mime body part). Perhaps
> also indicating particular "location" (byte number) where what is
> being reported is at is good idea as well (this brings question on
> syntax to report if field appears in more than one place, probably
> multiple Reported-Field).
>
For now the providers feel that anything more complicated than either
the entire message or its headers might be too much.
Yakov
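
The minimum described in the reply above (the reported message or its headers wrapped in a MIME type, plus "Version" and "User-Agent") together with the "just use mailto and dns" option for Reported-URI, as an added Python example that is not code from the draft or from either poster. The MIME type names are an assumption taken from RFC 5965, the later published feedback-report format; the version string, user agent, addresses and sample headers are constructed.

```python
from email import message_from_string
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from urllib.parse import urlsplit

# Constructed sample: headers of a reported message (not real traffic).
SAMPLE_HEADERS = "From: sender@example.org\nTo: user@example.net\nSubject: sample\n"

def build_report(spam_headers, reported_uris=()):
    """Wrap the reported headers and add the Version and User-Agent fields."""
    # Field values are constructed placeholders, not taken from the draft.
    fields = ["Version: 0.1", "User-Agent: ExampleReporter/0.1"]
    fields += [f"Reported-URI: {u}" for u in reported_uris]
    # Assumed container and part types (names as in RFC 5965).
    report = MIMEMultipart("report", report_type="feedback-report")
    report.attach(MIMEText("This is an abuse report.\n"))
    machine = MIMEBase("message", "feedback-report")
    machine.set_payload("\n".join(fields) + "\n")
    report.attach(machine)
    original = MIMEBase("text", "rfc822-headers")
    original.set_payload(spam_headers)
    report.attach(original)
    return report.as_string()

def parse_report(raw):
    """Return (report fields, reported URIs grouped by URI scheme)."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        raise ValueError("not a multipart/report message")
    for part in msg.walk():
        if part.get_content_type() == "message/feedback-report":
            break
    else:
        raise ValueError("no feedback-report part")
    # The stdlib parser exposes message/* bodies as a nested message;
    # fall back to parsing a plain string body the same way.
    body = part.get_payload()
    fields = body[0] if isinstance(body, list) else message_from_string(body)
    missing = [f for f in ("Version", "User-Agent") if f not in fields]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    by_scheme = {}
    for uri in fields.get_all("Reported-URI", []):
        uri = uri.strip()
        # mailto: for addresses, dns: for domains, anything else as given.
        by_scheme.setdefault(urlsplit(uri).scheme or "unknown", []).append(uri)
    return dict(fields.items()), by_scheme
```

A receiver that only understands the two required fields can ignore `by_scheme` entirely and still process the report.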