This is not directly related to Exim, but I suspect that many of you
will be very interested in this, as I assume most of you are opposed to
spam.

When a spam is received, most of us probably know how to pick out all
sorts of identifying information, IP addresses, etc., out of the headers,
and figure out who to report the offense to (e.g., the dialup provider,
the provider of the advertised www page, the postmaster at the relay,
and perhaps abuse@ for the domains of any forged addresses included),
and we all hope for swift action by any concerned party.

However, we all undoubtedly realize that the recipients of these
reports/complaints have (especially the admins at national "online
services" and national dialup providers) to sift thru a massive ton of
these things by hand, which certainly include a massive number of
duplicate reports of the same offender, but in different formats and
including different information.

I propose to specify a standard format for spam/abuse reports, and
perhaps include some implementation at abuse.net (if the administrators
at that site are interested), whereby a specific address at that site
would receive standard form reports which would include the required
information, such as IP addresses and domains, to determine appropriate
recipients of the report (again, still in a standard form), and to then
forward that report on, along with explanatory text if it is not
already known that the recipient will understand the report. One of the
data could be the exact subject line of the spam itself, which this
system could keep record of, and avoid sending duplicate reports for
the same spam (but perhaps could send a summary message after some
interval).

I am of course familiar with extracting certain information from
headers and sending reports, but I am seeking suggestions as to what
information should be in a standard report and how to include it. I am
fairly certain that I want to use a text format similar to RFC822
headers, and I have a good idea what some of the information needs to
be, but I still want input. I would think it should be as flexible as
necessary, even including data appropriate to report usenet spam,
mailbombing, flooding, etc.

I do however already have a good name for it (I think).
SARS- Standardized Abuse Reporting System
:P
Please reply to me personally to keep this off the exim list. If I get
sufficient interested responses, I will fire up a 'sars' list on the
majordomo I run...
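The forwarding flow proposed in the message above, sketched as an added example that is not part of the original post: an RFC822-style report is parsed, recipients are derived from it, and repeat reports with the same exact subject line are suppressed and counted for a later summary. Every field name (`Abuse-Type`, `Source-IP`, `Relay-Host`, `Forged-Domain`, `Spam-Subject`) and the recipient mapping are assumptions made for illustration; the post does not define them.

```python
from collections import Counter
from email.parser import Parser

# Constructed sample report. All field names are hypothetical.
SAMPLE = """\
Abuse-Type: email-spam
Source-IP: 192.0.2.45
Relay-Host: mail.relay.example
Forged-Domain: forged.example
Forged-Domain: other.example
Spam-Subject: Make money fast!!!

(full headers of the offending message would follow here)
"""

def parse_report(text):
    """Parse an RFC822-style report into {lowercased field: [values]}."""
    msg = Parser().parsestr(text, headersonly=True)
    fields = {}
    for name, value in msg.items():  # items() keeps repeated fields
        fields.setdefault(name.lower(), []).append(value.strip())
    if "spam-subject" not in fields:
        raise ValueError("report lacks the Spam-Subject field")
    return fields

def recipients(fields):
    """Assumed mapping: postmaster at each relay, abuse@ each forged domain."""
    out = ["postmaster@" + h for h in fields.get("relay-host", [])]
    out += ["abuse@" + d for d in fields.get("forged-domain", [])]
    return sorted(set(out))

class Forwarder:
    """Forward the first report per exact subject line; count the rest."""
    def __init__(self):
        self.seen = Counter()

    def handle(self, text):
        fields = parse_report(text)
        subject = fields["spam-subject"][0]
        self.seen[subject] += 1
        if self.seen[subject] > 1:
            return []  # duplicate: nothing forwarded now
        return recipients(fields)

    def summary(self):
        """Suppressed duplicates per subject, for a periodic summary."""
        return {s: n - 1 for s, n in self.seen.items() if n > 1}
```

Keying on the subject line alone means two different spams that share a subject are treated as one, and a spam whose subject varies per recipient is never deduplicated.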