
[SpamCop-List] Re: Interested third parties

Mike Easter MikeE at ster.invalid
Wed Aug 18 13:59:15 EDT 2004


JLS wrote:
> Mike Easter
>> We're getting our various arguments jumbled up.

> I believe _you_ brought up the evidentiary concerns.  This globalized
> the scope and I was addressing those issues.  To get all the way back
> to the original, the point goes something like this:
>
> If one abides by the spirit and intent of the RFCs as agreed to by the
> majority, abuse desks are simply not ALLOWED to "refuse" reports
> based on the particulars of the content according to their individual
> whims.

Actually the original original point was about an interested third party
who was the parent of some of the netblocks of a provider for a
spamvertiser but not the actual netblock in question.  I'm not sure about
the spirit and intent of RFCs vis abuse desks and spam reports.  Custom
and tradition as explained in nanae would suggest that the abuse desk
people who show up there believe that the desks who should receive spam
reports are the providers for the spamsource and the 'spam support'
providers, which are the providers for the spamvertisers.  It seems to me
that the abuse desks posting in nanae believe that reports shouldn't be
munged;  but 'presumably' the desks posting in nanae are allegedly
whitehat desks.

> This if allowed, could be taken to the ridiculous extreme
> where desk-A wants certain data on line 2; desk-B insists on it being
> on line 3, starting at column 8...

Many times the subject of an 'approved' format for spam reports has been
discussed, but never quite settled in a way that has resulted in a
standard practice;  and because of the scraping which goes on in
sightings, typically the items which are posted there may be munged or
redacted to pieces, more than would be acceptable to the abuse desks
posting in nanae.


<going off on a philosophical angle to this discussion>

I think that one of the reasons these arguments about mungeing or
redacting vs not go on and on is that there are too many variables in the
discussions to be discussing a single 'thing' coherently - besides the
differences in philosophies of the arguers.

First, we have the situation as to who/what is being notified role-wise.
I may notify the provider for an abused proxy/source, or the provider for
a 'real' source [long ago], or the provider for an abused open smtp relay
[pretty uncommon these days], or the provider for the spamvertiser.  I
may also notify the parent or upstream AS adjacencies of the source or
spamvertiser if they've shown unresponsiveness in the past, ie listed in
spews or spamhaus.  There are a lot of differences in those various
roles, including how that might affect the appropriateness of mungeing or
redacting or not.

Next, we have the situation as to what is the color of those various
providers' hats, vis a vis those roles above, you can guess that the hat
color ranges all the way from distinctly white to various shades of gray,
pink, and black -- to say nothing of distinctive colors of cluelessness,
besides clued.  Of course that affects the appropriateness of
mungeing/redacting or not.

Then, we have the situation about what 'color' is this address of the
recipient we're discussing -- ranging all the way from 'role accounts' to
'throwaway' accounts to 'spamtrap' addresses.

What I'm calling a role account is one in which the address is never
ever changeable because it is the 'main' or primary address of the
account 'owner'.  That is, someone may have a cable modem broadband
account, of which there is only one cable provider and no alternative DSL
broadband providers available in a geographic area - so the address is
not at all 'throwaway' or even changeable.  The person isn't going to
give up a broadband access to get rid of their address, and they can only
change the subaccount or 'extra' addresses, not the principal one.  A
role account addressee may want spam eliminated from that address and
s/he doesn't care if it gets listwashed, all the better - including being
de-listed from spammee rosters as an 'anti-'.

Other people may be using throwaway addresses which are easily eliminated
or changed to another, but they don't mind 'exposing' that address.  Or,
maybe they do because they are anti-listwashing.

Still other people may be using a 'spamtrap' type address, which they
don't want to change nor do they want to expose it to the spammer to have
it listwashed.


Then, if you are sitting on the other end of the equation, at the abuse
desk;  what you see is a wide range of behaviors of the notifiers, as
well as cluelessness.  The notifiers may be notifying about spats they
have in newsgroups.  They may be notifying about newsletters they have
subscribed to that they forgot about and have been reporting repeatedly
while mungeing their address and both avoiding and thwarting
unsubscribing.  They may be mungeing or 'redacting' the content of the
original item in such an incompetent way as to destroy its usefulness.
Abuse desks see a lot of bad notifies and a lot of bad redacting or
mungeing.

You may also see notifiers who are well clued, don't ubermunge, and whose
notify would be acceptable even with standard SC mungeing - if only the
desk knew somehow that that was the actual extent of the mungeing.  Many
people post here who are 'into' ubermungeing, against the spamcop rules.


-- 
Mike Easter
kibitzer, not SC admin



