On 2021-01-24 at 12:52 -0500, John Levine via mailop wrote: > In article <6b96f527-0f53-494f-bb65-3e450a386...@wordtothewise.com> > you write: > > > Note: Some people will vehemently oppose to not placing filters, > > > though. Some threads at RIPE anti-abuse-wg show that. > > > > There are extremely valid reasons to filter mail coming into the > > abuse mailbox and I would also argue against > > any blanket ’this mailbox must not be filtered’ claim. > > Right. There's filters and there's filters. In my experience you can > make a pretty good first pass by looking through the message for an > IP address or domain that you control and could do something about. > Lacking that, it's unlikely that there's anything useful in the > message. On the other hand, I have little sympathy for abuse desks > that write back to my ARF reports and say opening attachments is too > scary so send us something without them.
Note I didn't say "Thou shall not use any filtering at all". Some moderately filtering can be acceptable. But generally abuse desk official addresses shall have less filtering than e.g. marketing. And particularly, they should not be filtering receiving what they sent themselves. I remember interacting with an abuse desk that had a pretty good automation to automatically extract the IP address being reported in order to pass it to the relevant customer. Too bad they didn't recognise as theirs an IP address they owned according to the RIR (and so automatically rejected attempts to bring that to their attention as "not our IP")... > > > If any, you would want to define some kind of rejection message > > > that provided the equivalent of a "HTTP 301" so that the MTA > > > itself could redirect it to the right mailbox. > > > > That type of redirect is in the SMTP spec already. > > Yup, that's the 251 and 551 reply codes. Since they've been in the > SMTP spec for close to 40 years and I have never seen anyone actually > implement them (at least not in this century), I think it's safe to > say they're not going to happen. Yes, shame on me. I didn't immediately realize about that uncommon reply code. Although I did notice by myself shortly thereafter. > Laura wrote: > > I think the right way to address this would be to include an Abuse- > > Contact field on security.txt, which would override the default of > > ab...@example.com > > Or one might define a separate abuse.txt, specially if there is a > > need > > for other additional abuse fields, but otherwise I think abuse > > handling > > is similar enough that can be included under the securitytxt > > umbrella. > Security is often a completely different functionality than handling > spam complaints. Fair enough. It could be provided as a different txt. Best regards _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
