On 29/Dec/10 01:30, Mark Foster wrote:
On Wed, Dec 29, 2010 at 4:31 AM, Alessandro Vesely <vesely@tana.it <mailto:vesely@tana.it>> wrote:
Automation is supposed to make reporting easier for the victim, not harder. Many webmail sites already have a "Report as Spam" button. It should be added to regular (POP3/IMAP) mail clients too.
Yes, and this is a key point. Standard formats for abuse reporting via email will in turn allow email client developers to embed the tech required to simplify reporting of abuse. However by making it easier, you also increase the chances that the report is inadvertant? For example Gmail allow you to 'undo' reporting as Spam. This would also need to be an option available to a user....
Implementation is lacking. Policies should be devised so that complaints are transmitted backward to each responsible relay, forwarder, or author, along some trusted path. For single hops, this is currently carried out with feedback loops. The possibility to challenge a report should be granted to authors. That is, it would be fair if authors could prompt careless reporters for undoing their reports. In facts, purported authors are probably the only humans who may want to look at the body of a reported message.
This to me is all an attempt to make abuse-complaint-receivers better equipped to use automation to deal with complaints.
Yes, for the good and the bad of it. Among the goodies, it should be feasible to to route spam reports so that a network provider gets a copy and forwards it to the relevant mailbox provider, thereby allowing the former to somehow control the latter.
Concur, though again the use of automation means that the network provider can turn a blind eye to it and claim that appropriate action is being taken... it doesn't inspire folks to manually check to ensure action is infact being taken, that reports aren't repeat in nature, etc.
This may also be covered by adequate policy dressing. For example, a mailbox provider may choose to ban authors from sending for a period of time proportional to the number of complaints. Such policy can be verified by looking at the "auth" property of reported messages --along with a bunch of methods to validate authentication policies for the relevant provider. This kind of treatment hinges on the ever-missing reputation system...
Whether a hand-written complaint should be sent to an abuse@ address depends on how report formats will take on.
My main personal frustration is that as a 'power' end-user, I read email in various ways; serverside commandline mail program, webmail tool, various pop3/imap tools. At work i'm either using the COE email application or a CRM system that manages email. None of these will support a common, standards-driven method of generating abuse@ reports for spam, etc, for some time. In the meantime i'm constantly frustrated by the time that i'm obliged to waste either a) reporting abuse in the method that ISP X demands, or b) trashing large volumes of junk because to do anything else would taken even _ longer_.
Mailbox providers should help here. The entity responsible for accepting a message may want to provide the means for reporting it as spam, including any required formatting. IMAP allows for considerable optimizations for such kind of actions. For POP3, it has been proposed to submit reports to the abuse-mailbox at the server indicated in the Authentication-Results field (the authserv-id of RFC 5451, Section 2.3, in case it is actually a fully-qualified domain name). In any case, reporting through the receiver gives it a chance to adjust its reputation and Bayesian records.
I'm not averse to standard (infact i'm a big fan) but i'm also a big fan of ensuring a human remains in the loop and able to accept reports that're not within the standard format, at least until it's reasonable to expect _everyone_ to be using the standard format (which could take years)...
The fact remains that reading the body of messages reported as spam is a frustrating job that no human would want to routinely undertake. OTOH, there will always be unusual abuse cases that deserve human intelligence.