On 29/Jul/11 02:14, zav961 wrote: > I see the autoresponders fully involved here - MARF is actually an > ideal tool to be used by spam filters, virus scanners and the like, > long term they'll certainly take advantage of the possibilities of > MARF. > > [...] > > Hence, to word a request to the MARF group: design the MARF drafts > not only with manual, but also with automated responders in mind. I > am convinced, that automated responders will create most of the > feedback messages in not too distant future.
+1, possibly we should add a field such as Report-Trigger: human/auto. Automatically triggered reports to discovered (not FBL) consumers may actually correspond to the etymological DSN origin or ARF. An MTA decides to quarantine a message, either UBE or virus, and issues a report. The report should be sent with an empty smtp.mailfrom in this case, so it may be an alternative to "Report-Trigger". I concur that text/rfc822-headers is enough for automatically discovered viruses, if Reported-Malware is set. How about UBE? Such reports probably also need to be handled differently, according to their human/auto origin. > Malware analysis companies have established their own channels of > how to receive malware samples. That's not a consideration for > reporting mail abuse, in my opinion. I disagree on this. Many companies have, or used to have, email addresses specific for (suspected) virus submission by humans, e.g. [email protected], [email protected], [email protected], ... Most of them recommend to use zip files, possibly password-protected so that sender-side mail scanners won't block them. > If the virus scanner did not recognize the threat, there will > obviously be no report anyway and the malware go through - and may > cause damage at the recipient's end, which then will trigger the > malware being submitted to malware analysers. That is to say, there will be a report, but to a different consumer. jm2c _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
