This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Manual vs automated reports
Tobias Knecht
tk at abusix.com
Wed Jul 25 12:17:13 CEST 2012
Hi everybody,

>> So if there is no auto-abuse-mailbox, I'm afraid people will send
>> automatic mails to the abuse-mailbox, which does not help at all.
>
> I agree, however that will leave us mostly where we are today -- so
> the worst case is this, the best case is a win in the overall abuse
> workflow.

I do not agree. Hoping for a win where risk can already be foreseen is imho not a good idea.

The intent of the proposal is to make it easier for both receivers to publish their information and reporters to find the right information without any decision making involved. Having 2 per fuzzy definitions divided email addresses does not make things any easier, neither for the reporter nor for the receiver. And since both addresses will be published you will end up again receiving spam on both addresses, which destroys the benefit of it.

The overall workflow is defined by the receiver. And how difficult is it to set up a few filters to move things into the right bin? It's what people do today and what people can adjust easily by themselves. Much easier than writing an email and hoping for a response to some reporter who has a different view or does not understand the fuzzy definitions.

>> The second point is, that we complicate things for the reporter
>> again. Not the ones that know how to do it, but the ones that are
>> not sure about it.
>
> I think we'll just keep educating them -- but we'll have better tools
> at our disposal.

For education you need clear definitions and even then you'll run into things that cannot be cleared up 100%.

>> And the third and biggest issue I have with it is the definition.
>> What is automatic and what is not? Having a spamtrap system
>> reporting in ARF for example without any user interaction is
>> clearly automatic. But clicking a spam-button and reporting things
>> in a feedback loop also in ARF is manual? Or automatic? Or
>> something in between?
>
> True, perhaps "automatic" is not the right term -- perhaps "bulk" or
> "high volume" lends itself to an easier to apply scenario. What I
> wanted to encode with my choice of words was the fact that the
> recipient would be getting a large number of reports with similar
> structure -- either machine readable or not.

To come back to definitions. Sorry for that ;-) What is high volume? What is the same structure? Only the same formats? Or the same incident type?

Clearing up these definitions is not possible because of the different views of receivers and reporters. It's the same discussion as about trustworthiness of reporters. It's a personal subjective view.

>> At the end it does not care, since both scenarios are in the same
>> format and probably run through the same scripts or into the same
>> mailbox/folder/bin/...
>
> Perhaps, perhaps not. We cannot assume anything about the abuse
> report processing workflow. For instance, you might give more
> credence to SpamCop reports than to AOL FBLs (or the other way
> around) so the processing might be different.

Right, so the data sending part is the same and every receiver has to decide how he wants to process and has to build these mechanisms in the way he likes most. And he can change these processes as often as he wants. And he can be sure that there is exactly one way that is not changing, which is how he will get the information he needs.

>> Imho the easier way is to move and forward (Divide) the reports on
>> a receiver side exactly in the way the receiver wants to process
>> (conquer) them. This way the receiver has its processes completely
>> under control.
>>
>> I hope I was able to phrase my concerns in an understandable way.
>> But nevertheless thank you very much for your input and please
>> feel free to destroy my concerns.
>
> I think your concerns are valid and were easy to understand. I also
> think that there's value in providing a better mechanism for the
> receiver. Receivers who want to do everything through a single
> channel, could set the two addresses to the same value. Receivers who
> want to action them through separate pipelines, now will have a way
> to do that.

I do not see the advantage since there are the tools (filters, abuse handling software, ...) that take care of this and make things more complicated on another part. Make it simple and keep it simple is imho more important than hoping for a benefit that might never exist.

> Receivers who prefer not to receive bulk abuse reports,
> can signal that.

And this is not an option imho. Which has partly to do with European law, which would go too far now.

Thanks,

Tobias