On Jul 25, 2011, at 3:01 AM, Murray S. Kucherawy wrote: >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf Of >> Steve Atkins >> Sent: Sunday, July 24, 2011 9:28 PM >> To: Message Abuse Report Format working group >> Subject: Re: [marf] FW: Feedback on: ARF feedback type Virus/_report >> subdomain >> >> From experience, many FBL handlers are behind the primary corporate MX. >> Often configured to avoid filters. Sometimes not. Sometimes configured >> to do so until the MX (which is not under control of the people >> operating the FBL eater) is upgraded or outsourced. >> >> If FBL messages contain hostile content they're fairly likely to be >> silently dropped or quarantined at a small fraction of recipients >> today. That fraction would probably increase if more organizations than >> the current selection (ESPs and some ISPs) start to take advantage of >> them - which is something I'd really like to happen in the case of FBLs >> based on detection of malware emission. > > Does that mean you feel this justifies a change to the base draft?
I don't think so, no, definitely not if doing so would increase implementation complexity further. But it's something to be aware of if ARF is pushed beyond it's original scope of reporting "My user thinks this is spam" to things it's less well suited for (where the obvious payload of the report is not really a message/rfc822 attachment). Cheers, Steve _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
