[feedback-report] The limits of ARF, and INCH
John R. Levine
johnl at iecc.com
Sun Jul 26 12:00:31 PDT 2009
>>> Reporting Format" but at the moment it's not possible to report all
>>> kinds of abuse with it. Dropboxes, Phishing, DoS, ...
We designed ARF for a limited purpose: reports about a single e-mail
message. It serves that purpose pretty well, give or take possible
niggles about extra details one might want to point out in the message.
There's been a lot of work on "Incident Handling", where an incident
consists of multiple events. The IETF INCH group produced RFC 5070 which
defines the Incident Object Description Exchange Format (IODEF), a rather
complex XML format, along with some other documents still in draft form
including an implemenation guide, how you pass them via SOAP, and some
other stuff. It's always surprised me that this activity seems to be
going on with no input from the anti-spam community.
Take a look here to see current activities:
http://www.cert.org/ietf/inch/inch.html
Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
More information about the abuse-feedback-report
mailing list