From: "Damon Sauer"
To: abuse-feedback-report@mipassoc.org
Date: Thu, 22 Jun 2006 15:57:48 -0400
Subject: [feedback-report] ARF and MIME attachments

Hi all! Sorry I'm late! (nods to my friends and handshakes all around)

I have been reading the archives as quickly as I can and noticed the latest issue was over MIME.

I can understand both sides of the argument and I agree that some company that shall remain nameless really did us a disservice by trying to render EVERYTHING in an envelope even if it was not supposed to. </soapbox>

Why not just use: "Content-Type: multipart/digest;" (ref= http://www.w3.org/Protocols/rfc1341/7_2_Multipart.html )

It defaults the entire message to: message/rfc22

You can put the different parts of the complaint into their own capsule for people reading with a MIME enabled reader - thereby rendering it 'safe'... and it would also follow a nice format for automated/programmatic readers/scripts to parse.

Just a thought....

Regards,
Damon Sauer

From: wayne
To: abuse-feedback-report@mipassoc.org
Date: Mon, 19 Jun 2006 23:20:54 -0500
Subject: [feedback-report] comments on draft-shafranovich-feedback-report-01

Hi everyone

Yesterday, I sent an email to Yakov about this draft, and as somewhat of a result, I've stumbled across this mailing list. I haven't heard back from Yakov yet, but I figured I would resend my comments to this list.

As I mentioned in my first sentence to Yakov, I'm not involved with abuse desk issues so I'll probably stay out of most of these discussions.
I also think that my comments about the authenticated-results header are probably best dealt with on mail-vet-discuss list, so I will make a post there with a more thought-out message. (For example, I see that there *is* a new I-D for this header and many comments have already been addressed.)

[note: I edited this slightly for spelling, it is not identical to what Yakov received]

--- cut here ---

Hi Yakov!

Not being involved with abuse desk issues, I've not followed the work on having a common feedback report format much. I stumbled across a fairly recent reference to it today, and decided to see how things were going. (See http://www.politechbot.com/2006/04/15/debate-over-dearaolcom/ )

I wrote up the following two comments on your draft before I noticed that the draft had actually expired. Before I continue reviewing it, I would like to know if this is still an active project. Are you interested in comments on it? Is there a newer version I should review instead?

In section 5.3, you mention the Authentication-Results [header]. In my opinion, using this header is not a good idea. I really like [the] theory of using one common header for all the email authentication systems, but in practice, I don't think it will work well. We did not decide to use it for the SPF RFC and I'm pretty sure that the DKIM folks have decided not to use it either.

There are two major reasons, which I present both to the SPF folks and to the DKIM folks.

First off, when the draft was last reviewed by various IETF lists, there were *many* problems pointed out, [both] in format and in substance. Worse, the draft had expired and did not look like it would be updated any time soon. This was a killer for SPF since we were very far along on the RFC process and didn't want to be stuck waiting on this draft as a dependency.

Secondly, and in my opinion, probably more serious is that it tries to unify the authentication results that really aren't semantically the same.
What it means for an SPF "PASS" is different from a DKIM "PASS", although they are fairly close. There is a much larger difference between what it means for an SPF "FAIL" and a DKIM "FAIL". DKIM signatures can fail in many ways, either due to corruption during transmission, expired keys, attempts at forged signatures, the disallowance of third party signing, and probably a few other reasons.

Trying to create a common authentication result header is really not that different than trying to create a spam filter result header. It would be neat if you really could boil everything down to a common, interchangeable result, but in practice a SpamAssassin result is going to have different semantics than a postini result.

Also in section 5.3, you reference RFC1035 section 2.31 as the format of the domain name in the Reported-Domain: header. This definition is out of date and you should probably reference RFC3696 instead. The SPF RFC (RFC4408) has some ABNF for the TLD, but I think the USEFOR drafts have a more complete set of ABNF that matches RFC3696.

--- cut here ---

-wayne

From: Douglas Otis
To: Matthew Elvey
Cc: abuse-feedback-report@mipassoc.org
Date: Sun, 04 Jun 2006 13:35:49 -0700
Subject: Re: [feedback-report] ARF and MIME attachments

On Sat, 2006-06-03 at 23:01 -0700, Matthew Elvey wrote:
> Whether the advice is sound or not, it's true that it is common and
> widely taken advice to refuse email containing MIME attachments.

While this may be good advice for general users that utilize applications executing message content, the abuse@ account should not fall into this category. The ARF proposal does not require that the abuse@ mailbox only accept this format, but tools being generated make this format compliance easier.
Manually inserted messages are more difficult to process because of the resulting broken structure. The abuse@ mailbox should not execute message script or code related content. Even without MIME, HTML formatted text messages might represent a risk. A service provider must read the abuse@, but should do so with a highly secure reader.

Do you think MIME represents a serious threat, with respect to reading the text content? At least ARF information is exchanged as simple text.

-Doug

From: Joshua Baer
To: abuse-feedback-report@mipassoc.org
Date: Sun, 4 Jun 2006 12:45:06 -0500
Subject: Re: [feedback-report] ARF and MIME attachments

On Jun 4, 2006, at 10:42 AM, Steve Atkins wrote:
>>
>> What are the pluses of MIME? Existing, tested, probably reusable code
>> and functionality. Is it worth it? ))
>
> Uhm, yes. Moving away from MIME would be a very bad decision.

Steve, don't be so closed minded. While we're at it, we could take this opportunity to change the underlying architecture from binary to decimal.

~Josh

From: Steve Atkins
To: abuse-feedback-report@mipassoc.org
Date: Sun, 4 Jun 2006 08:42:26 -0700
Subject: Re: [feedback-report] ARF and MIME attachments

On Jun 3, 2006, at 11:01 PM, Matthew Elvey wrote:
> As has been discussed before, It doesn't make sense for an ARF that
> uses MIME to be used for messages currently sent by end-users to the
> addresses
> that abuse.net gives out, typically abuse@. As long
> as ARF is using MIME, this needs to be explicit in the draft, for
> example:
>
> "ARF is not to be sent to the legacy standard abuse email address.
> Instead it should only be sent to addresses that the sender anticipates
> will be prepared to handle it, such as arfreports@"
>

That's really not sensible. Only the most broken of ticketing systems and no MUAs that I'm aware of cannot handle MIME well. Even those broken ticketing systems can handle MIME as plain text perfectly well, as long as the embedded message has not been base64 encoded (which is something to avoid).

While I believe that the primary use of ARF will be feedback loops amongst consenting adults, there is absolutely no reason not to send MIME emails to abuse@example.com. None.

>
> ((Alternately, MIME could be abandoned... I'm not clear that the
> benefits of MIME outweigh the costs.
>
> Whether the advice is sound or not, it's true that it is common and
> widely taken advice to refuse email containing MIME attachments.

Anyone refusing MIME attachments is not going to be able to handle abuse reports in any other format in any useful manner.

>
> The need to delimit things could easily be done with simple delimiters
> other than the ones MIME uses.
> (This is obviously true; MIME is generally just a set of delimiters in
> ASCII text; that's the only thing that SMTP servers universally
> support.)
>
> Is there supposed to be some way that reporters will discover whether
> ARF (or mail with attachments) is supported?
> AFAIK, no.

Any ARF report can be read easily with any working MUA or working ticketing system. It can even be read as plain text, with no MIME support at all. It's just ASCII.

>
> What are the pluses of MIME? Existing, tested, probably reusable code
> and functionality. Is it worth it? ))

Uhm, yes. Moving away from MIME would be a very bad decision.

Cheers,
Steve

From: christopher@pobox.com
To: abuse-feedback-report@mipassoc.org
Date: Sun, 4 Jun 2006 19:56:54 +1000
Subject: Re: [feedback-report] ARF and MIME attachments

ME> As has been discussed before, It doesn't make sense for an ARF that
ME> uses MIME to be used for messages currently sent by end-users to the
[snip]
ME> Alternately, MIME could be abandoned... I'm not clear that the
ME> benefits of MIME outweigh the costs.
[snip]

Either you're a troll, or you've got no idea what you're talking about - let me re-phrase what you just said:

"Let's make every ISP on the planet create a whole new abuse reporting email address, and let's create an entirely new incompatible standard for encapsulating emails, then make every ISP throw away all their existing MIME tools and write a plethora of *new* tools to read our new standard - oh yeah - and while we're at it - let's make every company that builds email clients and webmail systems implement our new standard too"

From: "Matthew Elvey"
To: abuse-feedback-report@mipassoc.org
Date: Sat, 03 Jun 2006 23:01:53 -0700
Subject: [feedback-report] ARF and MIME attachments

As has been discussed before, It doesn't make sense for an ARF that uses MIME to be used for messages currently sent by end-users to the addresses that abuse.net gives out, typically abuse@. As long as ARF is using MIME, this needs to be explicit in the draft, for example:

"ARF is not to be sent to the legacy standard abuse email address. Instead it should only be sent to addresses that the sender anticipates will be prepared to handle it, such as arfreports@"

((Alternately, MIME could be abandoned... I'm not clear that the benefits of MIME outweigh the costs.

Whether the advice is sound or not, it's true that it is common and widely taken advice to refuse email containing MIME attachments.

The need to delimit things could easily be done with simple delimiters other than the ones MIME uses.
(This is obviously true; MIME is generally just a set of delimiters in ASCII text; that's the only thing that SMTP servers universally support.)

Is there supposed to be some way that reporters will discover whether ARF (or mail with attachments) is supported?
AFAIK, no.

What are the pluses of MIME? Existing, tested, probably reusable code and functionality. Is it worth it? ))
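
The reading model discussed in this thread (Damon Sauer's multipart/digest suggestion, Douglas Otis's reader that executes nothing, Steve Atkins's caveat about base64-encoded embedded messages), as an added Python example that is not part of any message on the list. The sample report, its addresses and the names `triage` and `read_report` are constructed for illustration; parsing uses only the standard-library `email` package.

```python
"""Text-only triage of a MIME abuse report: parse the structure, render nothing."""
from email import message_from_string
from email.policy import default

# Constructed sample (addresses, boundary and bodies are made up): a complaint
# sent as multipart/digest. A part with no Content-Type header defaults to
# message/rfc822 (RFC 2046); the second part is base64-encoded on purpose.
SAMPLE = """\
From: reporter@example.net
To: abuse@example.com
Subject: complaint
MIME-Version: 1.0
Content-Type: multipart/digest; boundary="cut"

--cut

From: sender@example.org
Subject: offer
Content-Type: text/html

<script>track()</script><b>buy now</b>
--cut
Content-Type: message/rfc822
Content-Transfer-Encoding: base64

RnJvbTogeEBleGFtcGxlLm9yZwoKaGkK
--cut--
"""

IDENTITY = {"7bit", "8bit", "binary"}  # encodings that leave a body readable as-is


def triage(part, depth=0, rows=None):
    """Return (depth, content_type, note) rows for a parsed message.

    Bodies are only ever returned as text; nothing is rendered or executed.
    """
    rows = [] if rows is None else rows
    ctype = part.get_content_type()
    cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
    if part.get_content_maintype() == "message" and cte not in IDENTITY:
        # An encoded embedded message cannot be read as plain text: flag, do not descend.
        rows.append((depth, ctype, f"opaque: embedded message is {cte}-encoded"))
        return rows
    if part.is_multipart():
        kind = "embedded message" if ctype == "message/rfc822" else "container"
        rows.append((depth, ctype, kind))
        for child in part.get_payload():
            triage(child, depth + 1, rows)
        return rows
    body = part.get_payload(decode=True) or b""
    if part.get_content_maintype() != "text":
        rows.append((depth, ctype, f"withheld: {len(body)} bytes of non-text data"))
        return rows
    # Decoded as ASCII with replacement, so no charset lookup can fail.
    text = body.decode("ascii", "replace").strip()
    label = "inert source" if ctype == "text/html" else "text"
    rows.append((depth, ctype, f"{label}: {text}"))
    return rows


def read_report(raw):
    """Parse a raw report and return its triage rows."""
    return triage(message_from_string(raw, policy=default))


if __name__ == "__main__":
    for row in read_report(SAMPLE):
        print(row)
```

The first digest part carries no Content-Type header and is still parsed as an embedded message; the base64-encoded second part is flagged instead of being shown, which is the case Steve Atkins says to avoid.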