7c7 < Expires: November 7, 2005 May 6, 2005 --- > Expires: November 14, 2005 May 13, 2005 11c11 < draft-shafranovich-feedback-report-01-pre1.txt --- > draft-shafranovich-feedback-report-01.txt 15,20c15,18 < This document is an Internet-Draft and is subject to all provisions < of Section 3 of RFC 3667. By submitting this Internet-Draft, each < author represents that any applicable patent or other IPR claims of < which he or she is aware have been or will be disclosed, and any of < which he or she become aware will be disclosed, in accordance with < RFC 3668. --- > By submitting this Internet-Draft, each author represents that any > applicable patent or other IPR claims of which he or she is aware > have been or will be disclosed, and any of which he or she becomes > aware will be disclosed, in accordance with Section 6 of BCP 79. 38c36 < This Internet-Draft will expire on November 7, 2005. --- > This Internet-Draft will expire on November 14, 2005. 56c54,56 < Shafranovich Expires November 7, 2005 [Page 1] --- > > > Shafranovich Expires November 14, 2005 [Page 1] 69c69 < 5.2 Optional Fields Appearing Once . . . . . . . . . . . . . . 5 --- > 5.2 Optional Fields Appearing Once . . . . . . . . . . . . . . 6 71,72c71,72 < 6. MIME Type Registration of message/feedback-report . . . . . 6 < 7. Extensibility . . . . . . . . . . . . . . . . . . . . . . . 7 --- > 6. MIME Type Registration of message/feedback-report . . . . . 7 > 7. Extensibility . . . . . . . . . . . . . . . . . . . . . . . 8 76,77c76,77 < 9. Security Considerations . . . . . . . . . . . . . . . . . . 10 < 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 10 --- > 9. Security Considerations . . . . . . . . . . . . . . . . . . 11 > 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 11 80c80 < 11.2 Informative References . . . . . . . . . . . . . . . . . 11 --- > 11.2 Informative References . . . . . . . . . . . . . . . . . 12 82,91c82,91 < A. Appendix A - An Sample Abuse Report . . . . . . . . . . . . 12 < B. Status of This Document [To Be Removed Upon Publication] . . 13 < B.1 Discussion Venue . . . . . . . . . . . . . . . . . . . . . 13 < B.2 Document Repository and Public Website . . . . . . . . . . 13 < B.3 Document History . . . . . . . . . . . . . . . . . . . . . 13 < Intellectual Property and Copyright Statements . . . . . . . 15 < < < < --- > A. Appendix A - Sample Feedback Reports . . . . . . . . . . . . 12 > A.1 Simple Report for Email Abuse without Optional Headers . . 12 > A.2 Opt-Out Report without Message Body . . . . . . . . . . . 13 > A.3 Full Report for Email Abuse with All Headers . . . . . . . 14 > B. Status of This Document [To Be Removed Upon Publication] . . 16 > B.1 Discussion Venue . . . . . . . . . . . . . . . . . . . . . 16 > B.2 Document Repository and Public Website . . . . . . . . . . 16 > B.3 Document History . . . . . . . . . . . . . . . . . . . . . 16 > B.4 Outstanding Issues . . . . . . . . . . . . . . . . . . . . 17 > Intellectual Property and Copyright Statements . . . . . . . 19 112c112 < Shafranovich Expires November 7, 2005 [Page 2] --- > Shafranovich Expires November 14, 2005 [Page 2] 129a130,136 > While there have been previous work in this area([12] and [13]), none > of them have yet been sucessful. It is hoped that this document will > have a better fate. > > This format is intended primarily as an Abuse Reporting Format (ARF) > for reporting email abuse but also includes support for feedback > loops, virus reports and other similar activities. 139c146 < document are to be interpreted as described in [RFC2119]. --- > document are to be interpreted as described in RFC 2119 [2]. 150,151c157,158 < o To inform ISPs about email abuse and viruses originating from or < related to their networks --- > o To inform ISPs about email abuse originating from or related to > their networks 157,163d163 < o To inform email service provides about opt-out requests < < Please note that while the parent "multipart/report" content type < defined in RFC 3462 [1] is used for all kinds of administrative < messages, this format is intended specifically for communications < among providers regarding email abuse and related issues, and SHOULD < NOT be used for other reports. 168c168 < Shafranovich Expires November 7, 2005 [Page 3] --- > Shafranovich Expires November 14, 2005 [Page 3] 172a173,180 > o To inform email service provides about opt-out requests > > Please note that while the parent "multipart/report" content type > defined in RFC 3462 [1] is used for all kinds of administrative > messages, this format is intended specifically for communications > among providers regarding email abuse and related issues, and SHOULD > NOT be used for other reports. > 184c192 < o The machine readable section must provide ability for report --- > o The machine readable section must provide ability for the report 210c218 < (as defined in RFC 2046 [2]) OR a copy of the headers from the --- > (as defined in RFC 2046 [3]) OR a copy of the headers from the 213,220d220 < RFC 3462 [1]). < < e. Each feedback report MUST be related to only a SINGLE email < message. Summary and aggregate formats are outside the scope of < this specification. < < f. The subject line of the feedback report SHOULD be the same as the < included email message and MAY include only the standard 224c224 < Shafranovich Expires November 7, 2005 [Page 4] --- > Shafranovich Expires November 14, 2005 [Page 4] 228a229,239 > RFC 3462 [1]). While some operators may choose to modify or > munge this portion for privacy or legal reasons, it is > RECOMMENDED that the entire original email message be included > without any modification. > > e. Each feedback report MUST be related to only a SINGLE email > message. Summary and aggregate formats are outside the scope of > this specification. > > f. The subject line of the feedback report SHOULD be the same as the > included email message and MAY include only the standard 243c254 < according to the ABNF of RFC 822 [12] header "fields". This section --- > according to the ABNF of RFC 822 [14] header "fields". This section 262c273 < follow section 14.43 of RFC 2616 [3]. --- > follow section 14.43 of RFC 2616 [4]. 265a277,284 > > > > Shafranovich Expires November 14, 2005 [Page 5] > > Internet-Draft Format for Feedback Reports May 2005 > > 276,283c295 < field is defined in section 4.1.1.2 of RFC 2821 [4]. < < < < Shafranovich Expires November 7, 2005 [Page 5] < < Internet-Draft Format for Feedback Reports May 2005 < --- > field is defined in section 4.1.1.2 of RFC 2821 [5]. 287c299 < field is defined in section 4.1.1.3 of RFC 2821 [4]. --- > field is defined in section 4.1.1.3 of RFC 2821 [5]. 291c303 < per section 3.3 of RFC 2822 [5]. --- > per section 3.3 of RFC 2822 [6]. 297c309 < RFC 2373 [6]. --- > RFC 2373 [7]. 308c320 < [7]. Report receivers should note that this field only indicates --- > [8]. Report receivers should note that this field only indicates 313c325 < defined in section 2.3.1 of RFC 1035 [8]. --- > defined in section 2.3.1 of RFC 1035 [9]. 317c329 < RFC 2396 [13]. --- > RFC 2396 [15]. 320,322c332 < from the mailing list (only used with "opt-out" feedback report). < The format of this field is defined in section 3.4.1 of RFC 2822 < [5]. --- > from the mailing list (MUST only be used with "opt-out" and "opt- 325d334 < 6. MIME Type Registration of message/feedback-report 327,329c336,338 < This section provides the media type registration application (as per < RFC 2048 [11], which will be submitted to IANA after IESG approval of < this document. --- > Shafranovich Expires November 14, 2005 [Page 6] > > Internet-Draft Format for Feedback Reports May 2005 331d339 < To: ietf-types@iana.org 332a341,342 > out-list" types). The format of this field is defined in section > 3.4.1 of RFC 2822 [6]. 334a345 > 6. MIME Type Registration of message/feedback-report 336,338c347,349 < Shafranovich Expires November 7, 2005 [Page 6] < < Internet-Draft Format for Feedback Reports May 2005 --- > This section provides the media type registration application (as per > RFC 2048 [11], which will be submitted to IANA after IESG approval of > this document. 339a351 > To: ietf-types@iana.org 377a390,396 > > > Shafranovich Expires November 14, 2005 [Page 7] > > Internet-Draft Format for Feedback Reports May 2005 > > 389,396d407 < < < < Shafranovich Expires November 7, 2005 [Page 7] < < Internet-Draft Format for Feedback Reports May 2005 < < 419,420c430,433 < described in RFC 2434 [9]. Any new field registered is considered < OPTIONAL unless a new version of this specifiction is published. --- > described in RFC 2434 [10] (the expert should be appointed by the > Area Directors of the Applications Area). Any new field registered > is considered OPTIONAL unless a new version of this specification is > published. 431a445,452 > > > > Shafranovich Expires November 14, 2005 [Page 8] > > Internet-Draft Format for Feedback Reports May 2005 > > 444,452d464 < < < < < Shafranovich Expires November 7, 2005 [Page 8] < < Internet-Draft Format for Feedback Reports May 2005 < < 489c501,509 < Description: date the original message was received --- > > > > Shafranovich Expires November 14, 2005 [Page 9] > > Internet-Draft Format for Feedback Reports May 2005 > > > Description: date the original message was received 501,509c521 < < < < Shafranovich Expires November 7, 2005 [Page 9] < < Internet-Draft Format for Feedback Reports May 2005 < < < Related "Feedback-Type": any --- > Related "Feedback-Type": any 514c526 < Related "Feedback-Type": opt-out --- > Related "Feedback-Type": opt-out, opt-out-list 539c551,567 < o opt-out - a request to opt out from a mailing list. --- > o fraud - indicates some kind of fraud or phishing activity. > > o opt-out - a request to opt out from ALL mailing lists from this > provider. > > > > > > Shafranovich Expires November 14, 2005 [Page 10] > > Internet-Draft Format for Feedback Reports May 2005 > > > o opt-out-list - a request to opt out from THIS mailing list ONLY. > > o other - any other feedback that doesn't fit into other types. 553c581,582 < activities. --- > activities, and all of the members of the abuse-feedback-report > public mailing list. 557,564d585 < < < < Shafranovich Expires November 7, 2005 [Page 10] < < Internet-Draft Format for Feedback Reports May 2005 < < 571c592,595 < [2] Freed, N. and N. Borenstein, "Multipurpose Internet Mail --- > [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement > Levels", BCP 14, RFC 2119, March 1997. > > [3] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 575c599 < [3] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., --- > [4] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., 579c603 < [4] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, --- > [5] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, 582c606 < [5] Resnick, P., "Internet Message Format", RFC 2822, April 2001. --- > [6] Resnick, P., "Internet Message Format", RFC 2822, April 2001. 584c608 < [6] Hinden, R. and S. Deering, "IP Version 6 Addressing --- > [7] Hinden, R. and S. Deering, "IP Version 6 Addressing 587c611 < [7] Kucherawy, M., "Message Header for Indicating Sender --- > [8] Kucherawy, M., "Message Header for Indicating Sender 588a613,620 > > > > Shafranovich Expires November 14, 2005 [Page 11] > > Internet-Draft Format for Feedback Reports May 2005 > > 591c623 < [8] Mockapetris, P., "Domain names - implementation and --- > [9] Mockapetris, P., "Domain names - implementation and 594c626 < [9] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA --- > [10] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA 598,600d629 < [10] Bradner, S., "Key words for use in RFCs to Indicate Requirement < Levels", BCP 14, RFC 2119, March 1997. < 607c636,643 < [12] Crocker, D., "Standard for the format of ARPA Internet text --- > [12] Crissman, G., "Proposed Spam Reporting BCP Document", May 2005, > . > > [13] Anti-Spam Research Group (ASRG) of the Internet Research Task > Force (IRTF), "Abuse Reporting Standards Subgroup of the ASRG", > May 2005, . > > [14] Crocker, D., "Standard for the format of ARPA Internet text 610c646 < [13] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform --- > [15] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 615,620d650 < < Shafranovich Expires November 7, 2005 [Page 11] < < Internet-Draft Format for Feedback Reports May 2005 < < 629c659,674 < Appendix A. Appendix A - An Sample Abuse Report --- > Appendix A. Appendix A - Sample Feedback Reports > > A.1 Simple Report for Email Abuse without Optional Headers > > > > > > > > > > > Shafranovich Expires November 14, 2005 [Page 12] > > Internet-Draft Format for Feedback Reports May 2005 643a689,692 > For more information about this format please see http://www.mipassoc.org/arf/. > > --part1_13d.2e68ed54_boundary > Content-Type: message/feedback-report 644a694,794 > Feedback-Type: abuse > User-Agent: SomeGenerator/1.0 > Version: 0.1 > > --part1_13d.2e68ed54_boundary > Content-Type: message/rfc822 > Content-Disposition: inline > > From: > Received: from mailserver.example.net (mailserver.example.net [10.67.41.167]) > by example.com with ESMTP id M63d4137594e46; Thu, 08 Mar 2005 14:00:00 -0400 > To: > Subject: Earn money > MIME-Version: 1.0 > Content-type: text/plain > Message-ID: 8787KJKJ3K4J3K4J3K4J3.mail@example.net > Date: Thu, 02 Sep 2004 12:31:03 -0500 > > Spam Spam Spam > Spam Spam Spam > Spam Spam Spam > Spam Spam Spam > --part1_13d.2e68ed54_boundary-- > > > A.2 Opt-Out Report without Message Body > > > > > > > > > Shafranovich Expires November 14, 2005 [Page 13] > > Internet-Draft Format for Feedback Reports May 2005 > > > From: > Date: Thu, 8 Mar 2005 17:40:36 EDT > Subject: FW: Earn money > To: > MIME-Version: 1.0 > Content-Type: multipart/report; report-type=feedback-report; boundary="part1_13d.2e68ed54_boundary" > > --part1_13d.2e68ed54_boundary > Content-Type: text/plain; charset="US-ASCII" > Content-Transfer-Encoding: 7bit > > This is an opt-out report for an email message received from IP 10.67.41.167 on Thu, 8 Mar 2005 14:00:00 EDT. > For more information about this format please see http://www.mipassoc.org/arf/. > > --part1_13d.2e68ed54_boundary > Content-Type: message/feedback-report > > Feedback-Type: opt-out > User-Agent: SomeGenerator/1.0 > Version: 0.1 > Removal-Recipient: user@example.com > > --part1_13d.2e68ed54_boundary > Content-Type: message/rfc822-headers > Content-Disposition: inline > > From: > Received: from mailserver.example.net (mailserver.example.net [10.67.41.167]) > by example.com with ESMTP id M63d4137594e46; Thu, 08 Mar 2005 14:00:00 -0400 > To: > Subject: Earn money > MIME-Version: 1.0 > Content-type: text/plain > Message-ID: 8787KJKJ3K4J3K4J3K4J3.mail@example.net > Date: Thu, 02 Sep 2004 12:31:03 -0500 > --part1_13d.2e68ed54_boundary-- > > > A.3 Full Report for Email Abuse with All Headers > > > From: > Date: Thu, 8 Mar 2005 17:40:36 EDT > Subject: FW: Earn money > To: > MIME-Version: 1.0 > Content-Type: multipart/report; report-type=feedback-report; boundary="part1_13d.2e68ed54_boundary" > > > > > Shafranovich Expires November 14, 2005 [Page 14] > > Internet-Draft Format for Feedback Reports May 2005 > > > --part1_13d.2e68ed54_boundary > Content-Type: text/plain; charset="US-ASCII" > Content-Transfer-Encoding: 7bit > > This is an email abuse report for an email message received from IP 10.67.41.167 on Thu, 8 Mar 2005 14:00:00 EDT. > For more information about this format please see http://www.mipassoc.org/arf/. 669,676d818 < < < < Shafranovich Expires November 7, 2005 [Page 12] < < Internet-Draft Format for Feedback Reports May 2005 < < 692a835,844 > > > > > > Shafranovich Expires November 14, 2005 [Page 15] > > Internet-Draft Format for Feedback Reports May 2005 > > 712a865,876 > Changes from draft-shafranovich-feedback-report-01-pre1 to > draft-shafranovich-feedback-report-01: > > o Added an "Outstanding Issues" section. > > o Minor spelling mistakes and clarifications. > > o Added links to previous work and more examples. > > o Added three new types: "fraud" for phishing, "opt-out-list" for a > single list opt out, and "other" as a catch-all. > 716c880 < o Changed the introduction section< to clarify specific points that --- > o Changed the introduction section to clarify specific points that 723a888,891 > o Added a reference to RFC 2119 and changed the document to comply > > o Made it clear that the requirements section) is not the one > defining the standard 728c896 < Shafranovich Expires November 7, 2005 [Page 13] --- > Shafranovich Expires November 14, 2005 [Page 16] 733,737d900 < o Added a reference to RFC 2119 and changed the document to comply < < o Made it clear that the requirements section) is not the one < defining the standard < 772a936,996 > B.4 Outstanding Issues > > Here is a list of some outstanding issues for this document that have > not been finalized: > > o Whether encoding of the machine readable part should be limited to > 7-bit > > o Whether there is a need for both "opt-out" and "opt-out-list", and > whether this format should be used for opt-outs at all. > > o Whether the "from" address should be required to be a human just > like other RFCs in the "message/report" family. > > > > Shafranovich Expires November 14, 2005 [Page 17] > > Internet-Draft Format for Feedback Reports May 2005 > > > o Whether there is a need for a new header to indicate munging of > the included email message. > > o Whether different type of convention should be allowed for subject > lines. > > o Whether there should be different types defined for "Reported-Uri" > to better indicate to the report receiver how they are related to > the email message in question. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > 784c1008 < Shafranovich Expires November 7, 2005 [Page 14] --- > Shafranovich Expires November 14, 2005 [Page 18] 840c1064 < Shafranovich Expires November 7, 2005 [Page 15] --- > Shafranovich Expires November 14, 2005 [Page 19]