
Re: [dnswl-users] Experimental dnswl.org feature - Abuse Reporting


Hi,
I'd like to understand the meaning of this experiment, and I have some difficulties. I've been lurking a while, but the list is very silent, and this thread is no exception... Thus, I think I'd dare ask a few questions.
Apparently, the basic idea is that a DNSWL-listed ID can get its score
adjusted according to reported spam. Is that correct?

Matthias Leisi wrote:
> The feature is still experimental, but we would like to get a handful
> of you to test it out. It is currently a simple web form, but we plan
> to add an SMTP option as soon as things have matured a bit.

Will the SMTP channel use ARF?

> Basically, there are four steps to the Abuse Reporting process:
>
> 1) The user (that would be you :) ) copy&pastes the raw mail source
> into the web form. (Currently, you should also indicate the offending
> IP, because the parser is very limited)

How is trust going to be weighted between the submitting user and the
offending IP's operator?
> 2) A regularly running script tries to add additional information to
> your report - DNSWL Id, link to internally stored network ranges etc.

Fine. Some external sources may also be relevant.

> 3) Editors review the reports and give three types of feedback:
> ** Is it really spam/abuse?
> ** Indicate what action has been taken (no action, rescore, delist, "other")
> ** And actually execute the action

Who is going to carry out such a job?!? Reading spam is really boring,
and I don't think it makes sense to hire people for doing that...
IMHO, this is where weighting trust can bring some advantage: if the
spammy message originated from a somewhat trusted operator, it may be
worth giving them a chance to appeal against the message being
considered spam, and make use of human judgment only in case they do.
The theory here is that a user of an otherwise correct server might
have fallen into the temptation of sending spam, or has been botted.
In such cases, the operator acknowledges the spam and may take
appropriate steps to avoid it in the future -- punish or disinfect the
user, or just unsubscribe the relevant recipient. However, in case of
reporter's errors, the operator may appeal in order to avoid worsening
its score. That implies feedback loops, though.
In general, do you plan to forward those abuse reports? I've tried to
depict reports flow in
http://wiki.asrg.sp.am/wiki/Abuse_Reporting#The_Feedback_Loop_.28FBL.29_and_other_usage_of_abuse_reports
where DNSWL would play the role of a "Reputation tracker". Any comment
on that picture?

> 4) The user (again, you!) can see the progress of each report in the
> web form (for the last 20 or so reports).

Can the user retract? I'd guess reporters may make errors too... For
SMTP submission in particular, as it eases automated abuse-report
forwarding (as illustrated), situations may arise where it is difficult
to identify a report's author correctly.