[feedback-report] ARF working group interest?
John R. Levine
johnl at iecc.com
Thu Sep 3 11:43:42 PDT 2009
>> This is a good point. FBL data (other than AOL) tends to be unredacted
>> because you know who you're sending it to.
>
> The last thing one would do is to confirm users' addresses, or betray
> honeypots. Will guidance for munging be part of the ARF spec?
Sorry, but that's just wrong. Several large ISPs send me fully unredacted
copies of messages in FBL reports.
> I see no contradiction here: either users push a button to generate ARF
> reports for their own ESPs (updated clients), or move spam messages to ad-hoc
> IMAP folders (problematic clients) so that an ARF header can be generated
> directly from the file (any added delay may help anonymization.)
I presume you mean ISP, not ESP. In my experience abuse reports from end
users are almost always useless. Senders will often trust a report from
the ISP but not from the end user since they'll have an FBL agreement with
the ISP.
> Should ESPs verify that the stuff is actually spam or just forward it?
Wow, talk about a research topic.
R's,
John
More information about the abuse-feedback-report
mailing list