[feedback-report] ARF working group interest?
John R. Levine
johnl at iecc.com
Thu Sep 3 13:24:28 PDT 2009
>> So would there be interest in a standard way for 3rd party mail clients
>> to know where to send a report to their provider, who could then send
>> it on to the originator if they chose to?
>
> Yes, definitely.
It's an interesting challenge to figure out how to do that in a way that
will work, will be resistant to misuse (e.g. spammers providing fake
info), and won't require major surgery to existing mail software.
Since it is quite common for a single MUA to collect mail from multiple
accounts, it's important that there be an address per provider, not just
one address per MUA. My copy of Thunderbird, for example, collects mail
from Yahoo, Hotmail, Gmail, AOL, and my own mail server, which may be a
bit extreme but should still work.
I can think of two general approaches. One somehow adds the report
address to the per-account config, the other to the messages. I'd prefer
to do the config, except that config is already a painful swamp which
isn't likely to be drained any time soon.
The other is to add a trace header to the top of each message along the
lines of
ARF-Info: to report at corp.bigisp.com auth someuser at bigisp.com
via submithost.bigisp.com:587
It's a trace header so the top one wins, deterring fakes. The idea of the
auth clause is to give the MUA a hint about which account to use. If the
auth doesn't match one that the MUA already knows, there's no button for
this message.
I realize this is kind of a kludge, but this at least avoids adding more
config state to MUA setup. Autodiscovery sounds like a great idea, but
I'm having trouble figuring out how it would work unless you want to
extend POP and IMAP with commands to fetch extended config info, which I
fear would have serious political problems with the keepers of the POP and
IMAP specs.
R's,
John
More information about the abuse-feedback-report
mailing list