Adding a junk button to MUAs: Difference between revisions
(→Via HTTP PUT or POST: mention blackhole.mx's plugin) |
|||
(22 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
Most web mail systems have a button a user can push to mark a message as junk, and report it back to their mail host. How would one add a similar junk button (JB) to a regular MUA? For the purposes of this discussion, the goal is to report the message back to the user's own mail system. They might further report it to the place the message came from, but that's a separate discussion. | Most web mail systems have a button a user can push to mark a message as junk, and report it back to their mail host. How would one add a similar junk button (JB) to a regular MUA? For the purposes of this discussion, the goal is to report the message back to the user's own mail system. They might further report it to the place the message came from, but that's a separate discussion. Also out of scope are other ways in which administrators respond to such reports, however it's worth noting that any response mechanism should be robust to false reports, whether they're malicious or accidental. | ||
Any scheme requires an upgrade or at least a plugin to the MUA. Different schemes require different amounts of changes to mail delivery and retrieval software. | Any scheme requires an upgrade or at least a plugin to the MUA. Different schemes require different amounts of changes to mail delivery and retrieval software. | ||
[[Image:Reportasjunk.png|thumb|right]] | |||
=How many buttons?= | |||
Existing webmail all has a single junk button, or (gmail) one button that pops up 'do you want to unsub?' if the message looks like it's from a list. | |||
Some people suggest multiple options, e.g., junk, unsub, don't want any more, etc. Examples cited include Twitter's use of "block" and "report for abuse". The difference is presumed to be the type of action that is requested. Note also that the labels will be language, and perhaps application specific. | |||
ARF has many of these options, but as far as we can tell the only ones ever used are junk (which it calls abuse) and virus, which scripts can identify automatically from EXE and ZIP signatures. | |||
=Sending back reported messages= | =Sending back reported messages= | ||
The two general approaches seem to be to send it back via the path it by which it was retrieved by the MUA, typically POP or IMAP, or to use a separate path, such as SMTP or SUBMIT. | The two general approaches seem to be to send it back via the path it by which it was retrieved by the MUA, typically POP or IMAP, or to use a separate path, such as SMTP or SUBMIT. A ''Consensus Call''<ref>{{list archive|msg=16048|subject=Consensus Call - submission via posting (was Re: Iteration #3)|from=Dave CROCKER|date=Sat, 06 Feb 2010 10:37:05 -0800}}</ref> has had 10 posts for ''normal posting'' | ||
<ref>{{list archive|msg=16049|from=Lyndon Nerenberg|date=Sat, 6 Feb 2010 11:50:58 -0700}}</ref> | |||
<ref>{{list archive|msg=16051|from=Chris Lewis|date=Sat, 6 Feb 2010 14:36:49 -0500}}</ref> | |||
<ref>{{list archive|msg=16057|from=Steve Atkins|date=Sat, 6 Feb 2010 12:42:06 -0800}}</ref> | |||
<ref>{{list archive|msg=16065|from=Dotzero|date=Sat, 6 Feb 2010 18:13:58 -0500}}</ref> | |||
<ref>{{list archive|msg=16070|from=Derek Diget|date=Sat, 06 Feb 2010 21:18:45 -0500 (EST)}}</ref> | |||
<ref>{{list archive|msg=16071|from=Bart Schaefer|date=Sat, 06 Feb 2010 18:46:53 -0800}}</ref> | |||
<ref>{{list archive|msg=16073|from=Alessandro Vesely|date=Sun, 07 Feb 2010 07:33:29 +0100}}</ref> | |||
<ref>{{list archive|msg=16099|from=John Levine|date=8 Feb 2010 14:14:03 -0000}}</ref> | |||
<ref>{{list archive|msg=16114|from=BOBOTEK, ALEX|date=Mon, 8 Feb 2010 08:50:12 -0800}}</ref> | |||
<ref>{{list archive|msg=16149|from=Bill Cole|date=Mon, 08 Feb 2010 23:11:57 -0500}}</ref> | |||
, 2 for ''specific to the mechanism for retrieving the message'' | |||
<ref>{{list archive|msg=16091|from=Ian Eiloart|date=Mon, 08 Feb 2010 12:43:13 +0000}}</ref> | |||
<ref>{{list archive|msg=16115|from=Andrew Richards|date=Mon, 08 Feb 2010 17:35:39 +0000}}</ref> | |||
, and 1 ambivalent | |||
<ref>{{list archive|msg=16189|from=Jose-Marcio Martins da Cruz|date=Tue, 09 Feb 2010 20:09:24 +0100}}</ref>. | |||
==Via the delivery path== | ==Via the delivery path== | ||
Line 16: | Line 39: | ||
===Via IMAP=== | ===Via IMAP=== | ||
* Add an IMAP Junk flag that the MUA can set. | * Add an IMAP Junk flag that the MUA can set, or a message annotation. | ||
''Pro:'' Easy to implement with IMAP. Self-configuring with IMAP, MUA can tell automatically if JB is available. Relatively secure since client has already logged in to server. | ''Pro:'' Easy to implement with IMAP. Self-configuring with IMAP, MUA can tell automatically if JB is available. Relatively secure since client has already logged in to server. | ||
Line 24: | Line 47: | ||
* Move messages to a specific subfolder such as Spam. | * Move messages to a specific subfolder such as Spam. | ||
''Pro:'' Already implemented at AOL, requires no protocol changes. Relatively secure since client has already logged in to server. | ''Pro:'' Already implemented at AOL and in dovecot-antispam, requires no protocol changes. Relatively secure since client has already logged in to server. | ||
''Con:'' Requires IMAP server (or back end at least) changes, adds a reserved folder name. | ''Con:'' Requires IMAP server (or back end at least) changes, adds a reserved folder name. Arguably better to annotate the folder (IMAP METADATA extension required) than to reserve a name, since the name may be language specific. Overloads the "junk" folder, which is a place where filters automatically place suspected junk. | ||
===Via POP=== | ===Via POP=== | ||
Line 45: | Line 68: | ||
==Via a separate path== | ==Via a separate path== | ||
The MUA could build an ARF report from the and send that report back to the server. | The MUA could build an ARF report from the reported message and send that report back to the server. | ||
''Overall pro:'' Server need not retain messages for potential report. Once configured, reporting system is independent of inbound path or server, not dependent on POP or IMAP. | ''Overall pro:'' Server need not retain messages for potential report. Once configured, reporting system is independent of inbound path or server, not dependent on POP or IMAP. | ||
''Overall con:'' Less secure than returning directly to incoming server | ''Overall con:'' Less secure than returning directly to incoming server. Reports are larger compared to an IMAP flag change or POP UIDL report. | ||
===Via SMTP=== | ===Via SMTP=== | ||
Line 61: | Line 84: | ||
===Via HTTP PUT or POST=== | ===Via HTTP PUT or POST=== | ||
* The MUA uploads the ARF report using HTTP PUT or POST. | * The MUA uploads the ARF report using HTTP PUT or POST. Besides the URL, configuration may also need user/password for authentication. | ||
''Pro:'' Faster and and more secure than SMTP, since communication is directly from MUA to server. | ''Pro:'' Faster and and more secure than SMTP, since communication is directly from MUA to server. Another pro is that it may be more compatible with junk reporting used for non-SMTP messaging protocols, such as SMS, MMS, various IM, and SIP-based ones. Finally, it may be simpler to develop in JavaScript; for example, the Thunderbird plugin offered by [http://blackhole.mx/ blackhole.mx] (abusix) uses <code>XMLHttpRequest()</code> to upload spam samples. | ||
''Con:'' Requires an HTTP server to accept reports, | ''Con:'' Requires an HTTP server to accept reports, and an HTTP client in the MUA to do a PUT or POST. These may challenges. | ||
=Configuring the MUA junk button= | =Configuring the MUA junk button= | ||
The MUA needs to know both whether a message can be reported as junk, and how to report it. We seem to agree that automatic configuration is better than manual. | The MUA needs to know both whether a message can be reported as junk, and how to report it. We seem to agree that automatic configuration is better than manual. | ||
==Per message approaches== | ==Per message approaches== | ||
At delivery time, the MDA adds a header that indicates that a JB is available, with configuration parameters such as the address to which to mail an ARF report. A likely candidate for the header would be an extended version of the [http://tools.ietf.org/html/rfc5451 Authentication-Results] header. | At delivery time, the MDA adds a header that indicates that a JB is available, with configuration parameters such as the address to which to mail an ARF report. A likely candidate for the header would be an extended version of the [http://tools.ietf.org/html/rfc5451 Authentication-Results] header<ref>{{list archive|msg=16125|subject=RFC5451 Re: who gets the report, was We really don't need|from=Chris Lewis|date=Mon, 8 Feb 2010 13:36:57 -0500}}</ref>. | ||
''Pro:'' No changes to retrieval protocol, independent of retrieval protocol. Can put different flags on different messages. Can potentially remain useful across forwarding or mail systems that consolidate mail by POP retrieval from others. | ''Pro:'' No changes to retrieval protocol, independent of retrieval protocol. Can put different flags on different messages. Can potentially remain useful across forwarding or mail systems that consolidate mail by POP retrieval from others. | ||
Line 87: | Line 110: | ||
The POP CAPA command and IMAP CAPABILITY command allow MUAs to query what a server can do. For schemes that report directly to the retrieval server, the MUA can see if the reporting command(s) are available. For schemes that return the report via a different path, a simple command could return configuration info. | The POP CAPA command and IMAP CAPABILITY command allow MUAs to query what a server can do. For schemes that report directly to the retrieval server, the MUA can see if the reporting command(s) are available. For schemes that return the report via a different path, a simple command could return configuration info. | ||
''Pro:'' Secure since MUA already logs into server, protocol and server changes are relatively simple. | ''Pro:'' Secure since MUA already logs into server, protocol and server changes are relatively simple. Config can be per-account, which might be useful for servers that handle multiple resellers. | ||
''Con;'' Still requires protocol and server changes. | ''Con;'' Still requires protocol and server changes. | ||
Line 93: | Line 116: | ||
===Metadata in the DNS=== | ===Metadata in the DNS=== | ||
Publish configuration info in the DNS using names based on server names, e.g., | * Publish configuration info in the DNS using names based on server names<ref>{{list archive|msg=16147|subject=who has the message (was Re: Consensus Call - submission via posting (was Re: Iteration #3))|from=Dave CROCKER|date=Mon, 08 Feb 2010 17:39:23 -0800}}</ref>, e.g., | ||
_report.pop.example.com TXT "arfreport@example.com" | _report.pop.example.com TXT "r=arfreport@example.com" | ||
:Note that this record syntax is being considered for use by the mail host to send the report back to the relevant source.<ref>J.D. Falk (July 27, 2011). "[http://tools.ietf.org/html/draft-ietf-marf-reporting-discovery A DNS TXT Record for Advertising and Discovering Willingness to Provide or Receive ARF Reports]" ''MARF WG''. IETF. Retrieved on August 03, 2011.</ref> | |||
''Pro:'' No changes to MDA, retrieval protocol or software. Easy to configure in MUAs that can make DNS queries (most of them, presumably). | ''Pro:'' No changes to MDA, retrieval protocol or software. Easy to configure in MUAs that can make DNS queries (most of them, presumably). | ||
''Con:'' New requirement to manage host names that refer to POP or IMAP server. Servers may have multiple names (thousands in some cases) via CNAME or multiple A records requiring a lot of DNS maintenance for any change. Servers may be accessed via tunnels or proxies that | ''Con:'' New requirement to manage host names that refer to POP or IMAP server. Servers may have multiple names (thousands in some cases) via CNAME or multiple A records requiring a lot of DNS maintenance for any change. Servers may be accessed via tunnels or proxies that don't provide the server name. All users of the same server get the same metadata, unless they refer to it by different names in which case maybe they don't. | ||
If a server has many CNAMEs pointing at one A record, a variant would be for the MUA to resolve all the CNAMEs and look for the metadata near the name of the A record, e.g. | * If a server has many CNAMEs pointing at one A record, a variant would be for the MUA to resolve all the CNAMEs and look for the metadata near the name of the A record, e.g. | ||
pop.example.com CNAME | pop.example.com CNAME poppy.example.net | ||
_report. | _report.poppy.example.net TXT "r=arfreport@example.net" | ||
''Pro:'' Addresses multiple CNAME problem. | ''Pro:'' Addresses multiple CNAME problem. | ||
''Con:'' Only partial solution, doesn't address multiple A, tunnel, etc. Unusual DNS usage may be hard to implement or have subtle problems | ''Con:'' Only partial solution, doesn't address multiple A, tunnel, etc. Unusual DNS usage may be hard to implement or have subtle problems evident to DNS weeenies. | ||
=See also= | |||
* [[Abuse Reporting]] | |||
* The [http://www.ietf.org/dyn/wg/charter/marf-charter.html marf] (Messaging Abuse Reporting Format) IETF's WG. That charter comprises the issue of publishing somehow the address to which abuse reports should be sent. | |||
=References= | |||
<References /> |
Latest revision as of 05:55, 6 March 2012
Most web mail systems have a button a user can push to mark a message as junk, and report it back to their mail host. How would one add a similar junk button (JB) to a regular MUA? For the purposes of this discussion, the goal is to report the message back to the user's own mail system. They might further report it to the place the message came from, but that's a separate discussion. Also out of scope are other ways in which administrators respond to such reports, however it's worth noting that any response mechanism should be robust to false reports, whether they're malicious or accidental.
Any scheme requires an upgrade or at least a plugin to the MUA. Different schemes require different amounts of changes to mail delivery and retrieval software.
How many buttons?
Existing webmail all has a single junk button, or (gmail) one button that pops up 'do you want to unsub?' if the message looks like it's from a list.
Some people suggest multiple options, e.g., junk, unsub, don't want any more, etc. Examples cited include Twitter's use of "block" and "report for abuse". The difference is presumed to be the type of action that is requested. Note also that the labels will be language, and perhaps application specific.
ARF has many of these options, but as far as we can tell the only ones ever used are junk (which it calls abuse) and virus, which scripts can identify automatically from EXE and ZIP signatures.
Sending back reported messages
The two general approaches seem to be to send it back via the path it by which it was retrieved by the MUA, typically POP or IMAP, or to use a separate path, such as SMTP or SUBMIT. A Consensus Call[1] has had 10 posts for normal posting [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] , 2 for specific to the mechanism for retrieving the message [12] [13] , and 1 ambivalent [14].
Via the delivery path
Most but not all MUAs retrieve mail with IMAP or POP.
Overall pro: Reports are secure, since they're returned directly to the mail system. Configuration is likely to be automatic.
Overall con: Requires changes to multiple protocols and to server software. Changes to POP are severe.
Via IMAP
- Add an IMAP Junk flag that the MUA can set, or a message annotation.
Pro: Easy to implement with IMAP. Self-configuring with IMAP, MUA can tell automatically if JB is available. Relatively secure since client has already logged in to server.
Con: Requires changes to protocol and to server software.
- Move messages to a specific subfolder such as Spam.
Pro: Already implemented at AOL and in dovecot-antispam, requires no protocol changes. Relatively secure since client has already logged in to server.
Con: Requires IMAP server (or back end at least) changes, adds a reserved folder name. Arguably better to annotate the folder (IMAP METADATA extension required) than to reserve a name, since the name may be language specific. Overloads the "junk" folder, which is a place where filters automatically place suspected junk.
Via POP
Possibilities include:
- Add a command like XTND JUNK that the MUA can use to send a message back to the server.
- Modify the protocol so that UIDLs or message numbers persist beyond message deletion, and add a command to report the UIDL or session ID number.
Pro: Self-configuring, MUA can tell automatically if JB is available. Relatively secure since client has already logged in to server.
Con: Requires changes to protocol and server. XTND JUNK requires servers to accept arbitrarily large uploads, which they don't now. UIDL or ID report requires server to store potentially large amounts of additional mail.
Via other paths
Some MUAs read mailstore directly, or receive via UUCP or SMTP. Users would be out of luck.
Via a separate path
The MUA could build an ARF report from the reported message and send that report back to the server.
Overall pro: Server need not retain messages for potential report. Once configured, reporting system is independent of inbound path or server, not dependent on POP or IMAP.
Overall con: Less secure than returning directly to incoming server. Reports are larger compared to an IMAP flag change or POP UIDL report.
Via SMTP
- The MUA sends the ARF report to a reporting address at the mail system using standard SUBMIT or SMTP. Configuration only needs the target address.
Pro: MUAs already know how to create and send MIME messages, leverage existing software, simple configuration.
Con: SUBMIT or SMTP server might not be under the same management as inbound server, possibly leading to third party snooping or message loss. If systems accept reports other than from their own SUBMIT server, forged reports and DoS are possible.
Via HTTP PUT or POST
- The MUA uploads the ARF report using HTTP PUT or POST. Besides the URL, configuration may also need user/password for authentication.
Pro: Faster and and more secure than SMTP, since communication is directly from MUA to server. Another pro is that it may be more compatible with junk reporting used for non-SMTP messaging protocols, such as SMS, MMS, various IM, and SIP-based ones. Finally, it may be simpler to develop in JavaScript; for example, the Thunderbird plugin offered by blackhole.mx (abusix) uses XMLHttpRequest()
to upload spam samples.
Con: Requires an HTTP server to accept reports, and an HTTP client in the MUA to do a PUT or POST. These may challenges.
Configuring the MUA junk button
The MUA needs to know both whether a message can be reported as junk, and how to report it. We seem to agree that automatic configuration is better than manual.
Per message approaches
At delivery time, the MDA adds a header that indicates that a JB is available, with configuration parameters such as the address to which to mail an ARF report. A likely candidate for the header would be an extended version of the Authentication-Results header[15].
Pro: No changes to retrieval protocol, independent of retrieval protocol. Can put different flags on different messages. Can potentially remain useful across forwarding or mail systems that consolidate mail by POP retrieval from others.
Con: Requires changes to MDA. Bad guys could add headers to hijack reports, or do low-level DoS against third parties. Doesn't work well with IMAP junk flag, POP UIDL report, etc.
Per server approaches
Since the MUA already knows how to find a POP or IMAP server, it can find the JB configuration directly or indirectly from that server.
Server queries
The POP CAPA command and IMAP CAPABILITY command allow MUAs to query what a server can do. For schemes that report directly to the retrieval server, the MUA can see if the reporting command(s) are available. For schemes that return the report via a different path, a simple command could return configuration info.
Pro: Secure since MUA already logs into server, protocol and server changes are relatively simple. Config can be per-account, which might be useful for servers that handle multiple resellers.
Con; Still requires protocol and server changes.
Metadata in the DNS
- Publish configuration info in the DNS using names based on server names[16], e.g.,
_report.pop.example.com TXT "r=arfreport@example.com"
- Note that this record syntax is being considered for use by the mail host to send the report back to the relevant source.[17]
Pro: No changes to MDA, retrieval protocol or software. Easy to configure in MUAs that can make DNS queries (most of them, presumably).
Con: New requirement to manage host names that refer to POP or IMAP server. Servers may have multiple names (thousands in some cases) via CNAME or multiple A records requiring a lot of DNS maintenance for any change. Servers may be accessed via tunnels or proxies that don't provide the server name. All users of the same server get the same metadata, unless they refer to it by different names in which case maybe they don't.
- If a server has many CNAMEs pointing at one A record, a variant would be for the MUA to resolve all the CNAMEs and look for the metadata near the name of the A record, e.g.
pop.example.com CNAME poppy.example.net _report.poppy.example.net TXT "r=arfreport@example.net"
Pro: Addresses multiple CNAME problem.
Con: Only partial solution, doesn't address multiple A, tunnel, etc. Unusual DNS usage may be hard to implement or have subtle problems evident to DNS weeenies.
See also
- Abuse Reporting
- The marf (Messaging Abuse Reporting Format) IETF's WG. That charter comprises the issue of publishing somehow the address to which abuse reports should be sent.
References
- ↑
Dave CROCKER Consensus Call - submission via posting (was Re: Iteration #3) Sat, 06 Feb 2010 10:37:05 -0800.
- ↑
Lyndon Nerenberg Re:... Sat, 6 Feb 2010 11:50:58 -0700.
- ↑
Chris Lewis Re:... Sat, 6 Feb 2010 14:36:49 -0500.
- ↑
Steve Atkins Re:... Sat, 6 Feb 2010 12:42:06 -0800.
- ↑
Dotzero Re:... Sat, 6 Feb 2010 18:13:58 -0500.
- ↑
Derek Diget Re:... Sat, 06 Feb 2010 21:18:45 -0500 (EST).
- ↑
Bart Schaefer Re:... Sat, 06 Feb 2010 18:46:53 -0800.
- ↑
Alessandro Vesely Re:... Sun, 07 Feb 2010 07:33:29 +0100.
- ↑
John Levine Re:... 8 Feb 2010 14:14:03 -0000.
- ↑
BOBOTEK, ALEX Re:... Mon, 8 Feb 2010 08:50:12 -0800.
- ↑
Bill Cole Re:... Mon, 08 Feb 2010 23:11:57 -0500.
- ↑
Ian Eiloart Re:... Mon, 08 Feb 2010 12:43:13 +0000.
- ↑
Andrew Richards Re:... Mon, 08 Feb 2010 17:35:39 +0000.
- ↑
Jose-Marcio Martins da Cruz Re:... Tue, 09 Feb 2010 20:09:24 +0100.
- ↑
Chris Lewis RFC5451 Re: who gets the report, was We really don't need Mon, 8 Feb 2010 13:36:57 -0500.
- ↑
Dave CROCKER who has the message (was Re: Consensus Call - submission via posting (was Re: Iteration #3)) Mon, 08 Feb 2010 17:39:23 -0800.
- ↑ J.D. Falk (July 27, 2011). "A DNS TXT Record for Advertising and Discovering Willingness to Provide or Receive ARF Reports" MARF WG. IETF. Retrieved on August 03, 2011.