Received: from mrout2-b.corp.dcn.yahoo.com (mrout2-b.corp.dcn.yahoo.com [216.109.112.28]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j58N456o032079 for ; Wed, 8 Jun 2005 16:04:06 -0700 Received: from [66.228.167.95] (jdfalk-mac.corp.yahoo.com [66.228.167.95]) by mrout2-b.corp.dcn.yahoo.com (8.13.4/8.13.4/y.out) with ESMTP id j58N2p2o038798 for ; Wed, 8 Jun 2005 16:02:51 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; s=serpent; d=yahoo-inc.com; c=nofws; q=dns; h=message-id:date:from:organization:user-agent: x-accept-language:mime-version:to:subject:references:in-reply-to:content-type; b=pbi6fgPR3r7P/wAXE+QUS49RVirUpZ5vrNyLCg2PkJZUe/gQ6GRviJy9GFnbad8f Message-ID: <42A77917.9080804@yahoo-inc.com> Date: Wed, 08 Jun 2005 16:02:47 -0700 From: "J.D. Falk" Organization: Yahoo! User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041206 Thunderbird/1.0 Mnenhy/0.6.0.104 X-Accept-Language: en-us, en MIME-Version: 1.0 To: abuse-feedback-report@mipassoc.org Subject: Re: draft-jevans-phishing-xml (was Re: [feedback-report] [Fwd: RE: Usage Scenarios]) References: <42A06DC9.8030201@solidmatrix.com> <42A77369.8040204@yahoo-inc.com> In-Reply-To: Content-Type: multipart/alternative; boundary="------------060008050906050707050208" X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: jdfalk@yahoo-inc.com X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2005 23:04:20 -0000 This is a multi-part message in MIME format. --------------060008050906050707050208 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 6/8/05 4:18 PM, William Leibzon wrote: >And personally I think for feedback reports XML is the future with simple >field data serving as quick way to classify the many reports received, >but as it is simple, its easier to agree on and qucker to deploy and >that seems the current issue. > > And in my experience, mail engineers hate XML with a passion usually reserved only for emacs vs. vi debates. Let's throw both out into the wild and see what sticks. -- J.D. Falk, Anti-spam Product Manager, Yahoo! Mail jdfalk@yahoo-inc.com --------------060008050906050707050208 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 6/8/05 4:18 PM, William Leibzon wrote: 
And personally I think for feedback reports XML is the future with simple
field data serving as quick way to classify the many reports received,
but as it is simple, its easier to agree on and qucker to deploy and
that seems the current issue.
And in my experience, mail engineers hate XML with a passion usually reserved only for emacs vs. vi debates.

Let's throw both out into the wild and see what sticks.
-- 
J.D. Falk, Anti-spam Product Manager, Yahoo! Mail
jdfalk@yahoo-inc.com
--------------060008050906050707050208-- Received: from mail.completewhois.com (cwhois1.completewhois.com [216.151.192.222]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j58MoX62031198 for ; Wed, 8 Jun 2005 15:50:33 -0700 Received: by mail.completewhois.com (Postfix, from userid 500) id DB72F18B2D; Wed, 8 Jun 2005 16:18:58 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.completewhois.com (Postfix) with ESMTP id D7BFC4C06B; Wed, 8 Jun 2005 16:18:58 -0700 (PDT) Date: Wed, 8 Jun 2005 16:18:58 -0700 (PDT) From: William Leibzon To: "J.D. Falk" Subject: Re: draft-jevans-phishing-xml (was Re: [feedback-report] [Fwd: RE: Usage Scenarios]) In-Reply-To: <42A77369.8040204@yahoo-inc.com> Message-ID: References: <42A06DC9.8030201@solidmatrix.com> <42A77369.8040204@yahoo-inc.com> MIME-Version: 1.0 Content-Type: MULTIPART/signed; BOUNDARY="-1747394880-799162881-1118272738=:10087"; protocol="application/x-pkcs7-signature"; micalg=sha1 X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: william@completewhois.com Cc: abuse-feedback-report@mipassoc.org X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2005 22:50:58 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. ---1747394880-799162881-1118272738=:10087 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed On Wed, 8 Jun 2005, J.D. Falk wrote: > I could see the two standards working in concert in a scenario such as > when a bunch of end users click "report phishing" button in their MUA, > which causes abuse feedback reports to be generated and sent to the > Message Sender's ISP; these individual reports are also aggregated into > a PhishingReport that is distributed to all of the different groups > which track phishing. What would be best is for header fields style system from Yakov's draft to become real mime header fields used for xml report data content type, with xml being the body when somebody needs and can use the functionality of more detailed report (but not being required). And personally I think for feedback reports XML is the future with simple field data serving as quick way to classify the many reports received, but as it is simple, its easier to agree on and qucker to deploy and that seems the current issue. --- William Leibzon mailto: william@completewhois.com Anti-Spam and Email Security Research Worksite: http://www.elan.net/~william/emailsecurity/ Whois & DNS Network Investigation Tools: http://www.completewhois.com ---1747394880-799162881-1118272738=:10087 Content-Type: APPLICATION/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: BASE64 Content-Description: S/MIME Cryptographic Signature Content-Disposition: attachment; filename="smime.p7s" MIIEWgYJKoZIhvcNAQcCoIIESzCCBEcCAQExCzAJBgUrDgMCGgUAMAsGCSqG SIb3DQEHAaCCAl8wggJbMIIBxKADAgECAgMMcrUwDQYJKoZIhvcNAQEEBQAw YjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJ c3N1aW5nIENBMB4XDTA0MDYwNTA5NDI0MVoXDTA1MDYwNTA5NDI0MVowSzEf MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEoMCYGCSqGSIb3DQEJ ARYZd2lsbGlhbUBjb21wbGV0ZXdob2lzLmNvbTCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEAxU1TG0vg2fYJeZ2TZ7cFst7hHB/83aN00wQS1cmKBpDA q3UgvHfcnltbJqmM0+Wfr35P7RDKGjCvqZTS6sDhXeEUDE1OgdwHsYv62TUr y94CQMVu6cctH3T+ajzQ9m1NmR0AT+uYQK7hwwcz70PB6T2troUUlcxFon+H 1jB1t1ECAwEAAaM2MDQwJAYDVR0RBB0wG4EZd2lsbGlhbUBjb21wbGV0ZXdo b2lzLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBACxJJGcY lC9YU8SQWQBr/lzwwk9coMdLKs7YsqcroT12o0UT+AKO+5Ec4VPE7OfBvz66 5w1sz41oAlZM2JggwDSJ8NeYCpLxUxk/1wx1BclPGuedYsRm7NO5CCQP4IO7 qlwgTwBkfkrLeadbUf9MMuOjURVwTKfVkT6qfX8bvbqzMYIBwzCCAb8CAQEw aTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcg KFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWls IElzc3VpbmcgQ0ECAwxytTAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzEL BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDYwODIzMTg1OFowIwYJ KoZIhvcNAQkEMRYEFIC2fb7oOENxoAdBnc/Gwt+DMY1LMFIGCSqGSIb3DQEJ DzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMC AgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIGA FcG6rpltQnwOSIffoZ4A5Hvvx2KTFOURiQ+qKobgBNuTxgTvPWUgZ2YdenMO OYLC9HWcWPBhy2/Ibpq9ymPCvrXWIrbBHwGbosFzbDEKRgHshV2/Wky5yjVg NAmg/mK8aRIJK+xKPmenl6DXxRdQeWv3w/t8WnB+WS2ncYFGusM= ---1747394880-799162881-1118272738=:10087-- Received: from mrout2.yahoo.com (mrout2.yahoo.com [216.145.54.172]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j58Mdtpv030709 for ; Wed, 8 Jun 2005 15:39:55 -0700 Received: from [66.228.167.95] (jdfalk-mac.corp.yahoo.com [66.228.167.95]) by mrout2.yahoo.com (8.13.4/8.13.4/y.out) with ESMTP id j58McbCj005417 for ; Wed, 8 Jun 2005 15:38:37 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; s=serpent; d=yahoo-inc.com; c=nofws; q=dns; h=message-id:date:from:organization:user-agent: x-accept-language:mime-version:to:subject:references:in-reply-to:content-type; b=OPuZ81Kc2Q4RrrEd5PZKrKwj+MWntrmA5JtSmqXIsGUCV1W9AjB25DqvrihpzaLb Message-ID: <42A77369.8040204@yahoo-inc.com> Date: Wed, 08 Jun 2005 15:38:33 -0700 From: "J.D. Falk" Organization: Yahoo! User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041206 Thunderbird/1.0 Mnenhy/0.6.0.104 X-Accept-Language: en-us, en MIME-Version: 1.0 To: abuse-feedback-report@mipassoc.org Subject: draft-jevans-phishing-xml (was Re: [feedback-report] [Fwd: RE: Usage Scenarios]) References: <42A06DC9.8030201@solidmatrix.com> In-Reply-To: <42A06DC9.8030201@solidmatrix.com> Content-Type: multipart/alternative; boundary="------------010007040308070409010203" X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: jdfalk@yahoo-inc.com X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2005 22:40:08 -0000 This is a multi-part message in MIME format. --------------010007040308070409010203 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 6/3/05 7:48 AM, Yakov Shafranovich forwarded: >I'd be interested in a sanity check on overlap with the jevans/cain >driven IODEF extensions for Phish reports >http://www.ietf.org/internet-drafts/draft-jevans-phishing-xml-00.txt > > [ . . . ] >Does anyone has informed opinions/comment on the areas where the two >overlap? > > Looking over draft-jevans-phishing-xml, I'd say the overlap in use cases is small. We should probably call out that an abuse feedback report with a Feedback-Type of "phishing" may in some circumstances serve the same purpose as a PhishingReport with a PhishType of "email", but the structure, requirements, and implied purpose of each format differ widely. I could see the two standards working in concert in a scenario such as when a bunch of end users click "report phishing" button in their MUA, which causes abuse feedback reports to be generated and sent to the Message Sender's ISP; these individual reports are also aggregated into a PhishingReport that is distributed to all of the different groups which track phishing. -- J.D. Falk, Anti-spam Product Manager, Yahoo! Mail jdfalk@yahoo-inc.com --------------010007040308070409010203 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 6/3/05 7:48 AM, Yakov Shafranovich forwarded: 
I'd be interested in a sanity check on overlap with the jevans/cain
driven IODEF extensions for Phish reports
http://www.ietf.org/internet-drafts/draft-jevans-phishing-xml-00.txt
 [ . . . ]
Does anyone has informed opinions/comment on the areas where the two
overlap?
Looking over draft-jevans-phishing-xml, I'd say the overlap in use cases is small.  We should probably call out that an abuse feedback report with a Feedback-Type of  "phishing" may in some circumstances serve the same purpose as a PhishingReport with a PhishType of "email", but the structure, requirements, and implied purpose of each format differ widely.

I could see the two standards working in concert in a scenario such as when a bunch of end users click "report phishing" button in their MUA, which causes abuse feedback reports to be generated and sent to the Message Sender's ISP; these individual reports are also aggregated into a PhishingReport that is distributed to all of the different groups which track phishing.
-- 
J.D. Falk, Anti-spam Product Manager, Yahoo! Mail
jdfalk@yahoo-inc.com
--------------010007040308070409010203-- Received: from manet.hmdnsgroup.com (manet.hmdnsgroup.com [63.247.133.3]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j53JKenl012684 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 3 Jun 2005 12:20:40 -0700 Received: from 157.sub-70-212-152.myvzw.com ([70.212.152.157] helo=[192.168.0.66]) by manet.hmdnsgroup.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.50) id 1DeHhv-0000Qw-5i; Fri, 03 Jun 2005 15:19:52 -0400 Message-ID: <42A0AD4E.7040606@solidmatrix.com> Date: Fri, 03 Jun 2005 15:19:42 -0400 From: Yakov Shafranovich Organization: SolidMatrix Technologies, Inc. User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Anne P. Mitchell, Esq." Subject: Re: [feedback-report] Re: Usage Scenarios References: <200506031900.j53J01at011504@sb7.songbird.com> <6d5f411bc5265d74fd9a947165769263@isipp.com> <42A0ABD3.9070109@solidmatrix.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-HMDNSGroup-MailScanner-Information: Please contact the ISP for more information X-HMDNSGroup-MailScanner: Found to be clean X-MailScanner-From: yakovs@solidmatrix.com X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - manet.hmdnsgroup.com X-AntiAbuse: Original Domain - mipassoc.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - solidmatrix.com X-Source: X-Source-Args: X-Source-Dir: X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: yakovs@solidmatrix.com Cc: abuse-feedback-report@mipassoc.org X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2005 19:20:43 -0000 Anne P. Mitchell, Esq. wrote: > >>> We were very interested in a #6, which Josh Baer mentioned at the BOF: >>> 6. Reporters secondarily reporting back to reputation and >>> accreditation lists. This is intended for lists such as our IADB, >>> Habeas, and BSP to be copied on reports where the reported sender is >>> listed on one of these lists. >>> We understand that this is not on the spec table at the moment, but >>> with the possiblity having been raised we'd like to give it our support. >> >> >> I assumed originally that this is included in #1 since feedback to >> email senders (i.e. feedback loops) are also intended for their >> accreditation/reputation providers. > > > Ah, that makes sense. During the BOF the impression was of it being a > separate function, but perhaps I misunderstood. > This is my personal understanding, it may very possibly be that others do not see it that way. > By the way, Yakov, thank you for remembering that I usually digest > mailing lists, and cc:ing me! > No prob! Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j53JIVpf012534 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Fri, 3 Jun 2005 12:18:31 -0700 Received: from [192.168.0.247] (adsl-64-165-36-235.dsl.snfc21.pacbell.net [64.165.36.235]) (authenticated bits=0) by a.mail.sonic.net (8.13.3/8.13.3) with ESMTP id j53JHf0n031817 for ; Fri, 3 Jun 2005 12:17:41 -0700 Mime-Version: 1.0 (Apple Message framework v622) In-Reply-To: <42A0ABD3.9070109@solidmatrix.com> References: <200506031900.j53J01at011504@sb7.songbird.com> <6d5f411bc5265d74fd9a947165769263@isipp.com> <42A0ABD3.9070109@solidmatrix.com> Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit Cc: abuse-feedback-report@mipassoc.org From: "Anne P. Mitchell, Esq." Subject: Re: [feedback-report] Re: Usage Scenarios Date: Fri, 3 Jun 2005 12:17:40 -0700 X-Mailer: Apple Mail (2.622) X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: amitchell@isipp.com X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2005 19:18:42 -0000 >> We were very interested in a #6, which Josh Baer mentioned at the BOF: >> 6. Reporters secondarily reporting back to reputation and >> accreditation lists. This is intended for lists such as our IADB, >> Habeas, and BSP to be copied on reports where the reported sender is >> listed on one of these lists. >> We understand that this is not on the spec table at the moment, but >> with the possiblity having been raised we'd like to give it our >> support. > > I assumed originally that this is included in #1 since feedback to > email senders (i.e. feedback loops) are also intended for their > accreditation/reputation providers. Ah, that makes sense. During the BOF the impression was of it being a separate function, but perhaps I misunderstood. By the way, Yakov, thank you for remembering that I usually digest mailing lists, and cc:ing me! Anne Received: from manet.hmdnsgroup.com (manet.hmdnsgroup.com [63.247.133.3]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j53JEOa5012280 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 3 Jun 2005 12:14:25 -0700 Received: from 157.sub-70-212-152.myvzw.com ([70.212.152.157] helo=[192.168.0.66]) by manet.hmdnsgroup.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.50) id 1DeHbr-0008Ae-Bi; Fri, 03 Jun 2005 15:13:35 -0400 Message-ID: <42A0ABD3.9070109@solidmatrix.com> Date: Fri, 03 Jun 2005 15:13:23 -0400 From: Yakov Shafranovich Organization: SolidMatrix Technologies, Inc. User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Anne P. Mitchell, Esq." Subject: Re: [feedback-report] Re: Usage Scenarios References: <200506031900.j53J01at011504@sb7.songbird.com> <6d5f411bc5265d74fd9a947165769263@isipp.com> In-Reply-To: <6d5f411bc5265d74fd9a947165769263@isipp.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-HMDNSGroup-MailScanner-Information: Please contact the ISP for more information X-HMDNSGroup-MailScanner: Found to be clean X-MailScanner-From: yakovs@solidmatrix.com X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - manet.hmdnsgroup.com X-AntiAbuse: Original Domain - mipassoc.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - solidmatrix.com X-Source: X-Source-Args: X-Source-Dir: X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: yakovs@solidmatrix.com Cc: abuse-feedback-report@mipassoc.org X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2005 19:14:41 -0000 Anne P. Mitchell, Esq. wrote: > >> 1. Feedback loops - ISPs providing reports back to email senders about >> spam reports from their users (like SCOMP at AOL). > > ... > > We were very interested in a #6, which Josh Baer mentioned at the BOF: > > 6. Reporters secondarily reporting back to reputation and accreditation > lists. This is intended for lists such as our IADB, Habeas, and BSP to > be copied on reports where the reported sender is listed on one of these > lists. > > We understand that this is not on the spec table at the moment, but with > the possiblity having been raised we'd like to give it our support. > I assumed originally that this is included in #1 since feedback to email senders (i.e. feedback loops) are also intended for their accreditation/reputation providers. Yakov Received: from b.mail.sonic.net (b.mail.sonic.net [64.142.19.5]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j53J9Zjl012022 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK) for ; Fri, 3 Jun 2005 12:09:35 -0700 Received: from [192.168.0.247] (adsl-64-165-36-235.dsl.snfc21.pacbell.net [64.165.36.235]) (authenticated bits=0) by b.mail.sonic.net (8.13.3/8.13.3) with ESMTP id j53J8jie002631 for ; Fri, 3 Jun 2005 12:08:45 -0700 Mime-Version: 1.0 (Apple Message framework v622) In-Reply-To: <200506031900.j53J01at011504@sb7.songbird.com> References: <200506031900.j53J01at011504@sb7.songbird.com> Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <6d5f411bc5265d74fd9a947165769263@isipp.com> Content-Transfer-Encoding: 7bit From: "Anne P. Mitchell, Esq." Date: Fri, 3 Jun 2005 12:08:44 -0700 To: abuse-feedback-report@mipassoc.org X-Mailer: Apple Mail (2.622) X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: amitchell@isipp.com Subject: [feedback-report] Re: Usage Scenarios X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2005 19:09:40 -0000 > 1. Feedback loops - ISPs providing reports back to email senders about > spam reports from their users (like SCOMP at AOL). ... > 2. ISP-to-ISP reporting - ISPs exchanging reports among themselves - ... > 3. Users reporting spam to their ISP ... > 4. Users reporting spam to aggregate services - this would be intended > for services like SpamCop where users can report their spam via MUAs > and > the service will process them further before sending them off. ... > 5. Users to ISP reporting - this would allow regular users to report > spam directly to ISPs. ... We were very interested in a #6, which Josh Baer mentioned at the BOF: 6. Reporters secondarily reporting back to reputation and accreditation lists. This is intended for lists such as our IADB, Habeas, and BSP to be copied on reports where the reported sender is listed on one of these lists. We understand that this is not on the spec table at the moment, but with the possiblity having been raised we'd like to give it our support. Anne Received: from manet.hmdnsgroup.com (manet.hmdnsgroup.com [63.247.133.3]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j53EnfPl026933 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 3 Jun 2005 07:49:42 -0700 Received: from 235.sub-70-216-136.myvzw.com ([70.216.136.235] helo=[192.168.0.66]) by manet.hmdnsgroup.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.50) id 1DeDTf-0002jU-WC for abuse-feedback-report@mipassoc.org; Fri, 03 Jun 2005 10:48:52 -0400 Message-ID: <42A06DC9.8030201@solidmatrix.com> Date: Fri, 03 Jun 2005 10:48:41 -0400 From: Yakov Shafranovich Organization: SolidMatrix Technologies, Inc. User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: abuse-feedback-report@mipassoc.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-HMDNSGroup-MailScanner-Information: Please contact the ISP for more information X-HMDNSGroup-MailScanner: Found to be clean X-MailScanner-From: yakovs@solidmatrix.com X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - manet.hmdnsgroup.com X-AntiAbuse: Original Domain - mipassoc.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - solidmatrix.com X-Source: X-Source-Args: X-Source-Dir: X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: yakovs@solidmatrix.com Subject: [feedback-report] [Fwd: RE: Usage Scenarios] X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2005 14:49:47 -0000 I am forwarding this message to the list since the original author is having problems posting himself. Yakov -------- Original Message -------- Subject: RE: FW: failure notice Date: Fri, 3 Jun 2005 14:40:33 +1000 From: David Jones I'd be interested in a sanity check on overlap with the jevans/cain driven IODEF extensions for Phish reports http://www.ietf.org/internet-drafts/draft-jevans-phishing-xml-00.txt They set out to allow reporting for any detection during the full lifecycle of a potential phish (not just when the message hits the wire) but our feedback to them is to tighten some structure to support aggregation (as per #3-#5 below). We currently provide aggregation to enforcement/regulators - and both initiatives (*sigh*) seem applicable. (In Yakov's email "[feedback-report] Feedback Types" at least #2 and #5 intersect.) Does anyone has informed opinions/comment on the areas where the two overlap? Thanks and regards David > Yakov Shafranovich YakovS at solidmatrix.com > Wed May 25 15:08:13 PDT 2005 > > Previous message: [feedback-report] Feedback Types > Next message: [feedback-report] Re: I-D ACTION:draft-shafranovich-feedback-report-01.txt > Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] > > Prompted by a suggestion from Dave Crocker, I wanted to see if we can > come up with a list of possible usage scenarios for this format. Here > are some of my thoughts: > > 1. Feedback loops - ISPs providing reports back to email senders about > spam reports from their users (like SCOMP at AOL). This would imply that > the ISPs and email senders establish a relationship in some way (which > is out of scope for this spec). > > 2. ISP-to-ISP reporting - ISPs exchanging reports among themselves - > i.e. spam originating from ISP A's network going to ISP B, and ISP B > reporting it back to ISP A. This also implies some form of an > established relationship among ISPs. > > 3. Users reporting spam to their ISP - this would be like the "Report > Spam" function in AOL's and Yahoo's interfaces but on the MUA. In this > case, an ISP user (lets say Earthlink) would be able to report a spam > message arriving in his MUA (Outlook, pine, Thunderbird, etc.) to his > own ISP which would then aggregate and process them further before > taking some sort of action on them. This implies that the ISP has a way > of checking whether this user is actually theirs and would help in cases > where ISPs provide a "report spam" button in the webmail interface but > nothing for POP or IMAP users. > > 4. Users reporting spam to aggregate services - this would be intended > for services like SpamCop where users can report their spam via MUAs and > the service will process them further before sending them off. This > implies that the service has a way of checking if the user is actually > part of that service. > > 5. Users to ISP reporting - this would allow regular users to report > spam directly to ISPs. However, given that most ISPs and users will > probably not be able to do this properly, this scenario might not work > very well (but scenario #3 instead might). > > Yakov Received: from mrout2-b.corp.dcn.yahoo.com (mrout2-b.corp.dcn.yahoo.com [216.109.112.28]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j52LgDru006685 for ; Thu, 2 Jun 2005 14:42:13 -0700 Received: from [66.228.167.95] (jdfalk-mac.corp.yahoo.com [66.228.167.95]) by mrout2-b.corp.dcn.yahoo.com (8.13.4/8.13.4/y.out) with ESMTP id j52LewCx083307 for ; Thu, 2 Jun 2005 14:40:59 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; s=serpent; d=yahoo-inc.com; c=nofws; q=dns; h=message-id:date:from:organization:user-agent: x-accept-language:mime-version:to:subject:references:in-reply-to:content-type; b=y0S7dZhfM7RDGRcMTc+5khNz02QJrBDqamOkyiGpp3TotrKKiJGnPd9kUZufDP6W Message-ID: <429F7CE9.6040204@yahoo-inc.com> Date: Thu, 02 Jun 2005 14:40:57 -0700 From: "J.D. Falk" Organization: Yahoo! User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041206 Thunderbird/1.0 Mnenhy/0.6.0.104 X-Accept-Language: en-us, en MIME-Version: 1.0 To: abuse-feedback-report@mipassoc.org Subject: Re: [feedback-report] INBOX BOF References: <429F78CA.1090300@yahoo-inc.com> In-Reply-To: <429F78CA.1090300@yahoo-inc.com> Content-Type: multipart/alternative; boundary="------------010203010401010100080907" X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: jdfalk@yahoo-inc.com X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jun 2005 21:42:14 -0000 This is a multi-part message in MIME format. --------------010203010401010100080907 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 6/2/05 2:23 PM, J.D. Falk wrote: > I'll put the presentation online in an appropriate public place later > today or tomorrow, or e-mail me if you want a copy immediately. And, here it is: http://public.yahoo.com/~jdfalk/con/2005/inbox%2006-05%20-%20fbl.html . -- J.D. Falk, Anti-spam Product Manager, Yahoo! Mail jdfalk@yahoo-inc.com --------------010203010401010100080907 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 6/2/05 2:23 PM, J.D. Falk wrote:
I'll put the presentation online in an appropriate public place later today or tomorrow, or e-mail me if you want a copy immediately.
And, here it is: http://public.yahoo.com/~jdfalk/con/2005/inbox%2006-05%20-%20fbl.html .
-- 
J.D. Falk, Anti-spam Product Manager, Yahoo! Mail
jdfalk@yahoo-inc.com
--------------010203010401010100080907-- Received: from mrout2-b.corp.dcn.yahoo.com (mrout2-b.corp.dcn.yahoo.com [216.109.112.28]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id j52LOp2R005590 for ; Thu, 2 Jun 2005 14:24:51 -0700 Received: from [66.228.167.95] (jdfalk-mac.corp.yahoo.com [66.228.167.95]) by mrout2-b.corp.dcn.yahoo.com (8.13.4/8.13.4/y.out) with ESMTP id j52LNNTK081324 for ; Thu, 2 Jun 2005 14:23:23 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; s=serpent; d=yahoo-inc.com; c=nofws; q=dns; h=message-id:date:from:organization:user-agent: x-accept-language:mime-version:to:subject:content-type; b=Tt+6U2/cbtV9BdJlYuAWh74Q3yJtJNOww6kgL8gQP2fJTTl6NpMuzmgxufH1WDPQ Message-ID: <429F78CA.1090300@yahoo-inc.com> Date: Thu, 02 Jun 2005 14:23:22 -0700 From: "J.D. Falk" Organization: Yahoo! User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041206 Thunderbird/1.0 Mnenhy/0.6.0.104 X-Accept-Language: en-us, en MIME-Version: 1.0 To: abuse-feedback-report@mipassoc.org Content-Type: multipart/alternative; boundary="------------010702070508000203040402" X-SongbirdInformation: support@songbird.com for more information X-Songbird: Found to be clean X-Songbird-From: jdfalk@yahoo-inc.com Subject: [feedback-report] INBOX BOF X-BeenThere: abuse-feedback-report@mipassoc.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Public forum for discussion on the feedback-report draft List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jun 2005 21:25:08 -0000 This is a multi-part message in MIME format. --------------010702070508000203040402 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Yesterday evening Josh Baer, Dave Crocker, Mike Adkins and I led a BOF at the INBOX conference in San Jose, talking about this spec and related ideas. Not much to report -- everyone in attendance seemed to like the direction that we're going, and I'm sure a whole bunch of new folks will be joining the list shortly. One interesting suggest was to change User-Agent to Reporting-Agent or something like that, since the agent in question isn't knowingly invoked by an end user. I'll put the presentation online in an appropriate public place later today or tomorrow, or e-mail me if you want a copy immediately. I think the BOF was also recorded, but I'd bet INBOX will charge for copies. -- J.D. Falk, Anti-spam Product Manager, Yahoo! Mail jdfalk@yahoo-inc.com --------------010702070508000203040402 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Yesterday evening Josh Baer, Dave Crocker, Mike Adkins and I led a BOF at the INBOX conference in San Jose, talking about this spec and related ideas.  Not much to report -- everyone in attendance seemed to like the direction that we're going, and I'm sure a whole bunch of new folks will be joining the list shortly.

One interesting suggest was to change User-Agent to Reporting-Agent or something like that, since the agent in question isn't knowingly invoked by an end user.

I'll put the presentation online in an appropriate public place later today or tomorrow, or e-mail me if you want a copy immediately.  I think the BOF was also recorded, but I'd bet INBOX will charge for copies.
 
-- 
J.D. Falk, Anti-spam Product Manager, Yahoo! Mail
jdfalk@yahoo-inc.com
--------------010702070508000203040402--