Bug 6713

Summary: Every whitelist description MUST contain URL for SIMPLE reporting complaints/abuse.
Product: Spamassassin
Reporter: anfi <anfi>
Component: Rules
Assignee: SpamAssassin Developer Mailing List <dev>
Status: NEW ---
Severity: enhancement
CC: anfi, bug, gdt, kmcgrail
Priority: P4
Version: SVN Trunk (Latest Devel Version)
Target Milestone: Undefined
Hardware: All
OS: All
Whiteboard:

Description anfi 2011-11-30 19:25:33 UTC
IMHO the next stable SA release should dump every whitelist unless it can provide a single URL for simple filing of complaints (reporting whitelisted spam).
Such a URL will be included in SA sources/configuration, e.g. 50_scores.cf
Comment 1 Greg Troxel 2011-11-30 21:18:21 UTC
I think an email address is necessary, not just a URL to a form.
Comment 2 AXB 2011-11-30 21:23:46 UTC
Why not provide the exact description/rule you suggest so it can be reviewed by the PMC?
Comment 3 Greg Troxel 2011-11-30 21:40:14 UTC
I would suggest:

Every remote whitelist (e.g. via DNS) included in SA's default configuration must adhere to the following transparency and complaint standards:

  It must have a web page, hosted by whitelist operator, that explains the whitelist's

     listing criteria

     process for addressing complaints of spam from whitelisted addresses

     email address for submission of spam received from whitelisted addresses

  Complaints must be effectively addressed.
Comment 4 AXB 2011-11-30 21:46:04 UTC
(In reply to comment #3)
> I would suggest:
> 
> Every remote whitelist (e.g. via DNS) included in SA's default configuration
> must adhere to the following transparency and complaint standards:
> 
>   It must have a web page, hosted by whitelist operator, that explains the
> whitelist's
> 
>      listing criteria
> 
>      process for addressing complaints of spam from whitelisted addresses
> 
>      email address for submission of spam received from whitelisted addresses
> 
>   Complaints must be effectively addressed.

Guys... Bugzilla is not the right place for this kind of discussion.

Suggest you move this to the sa-users list and return here when you have the rules' descriptions, all coordinated with the "whitelist operator", wrapped up, and ready to go for review.
Comment 5 anfi 2011-11-30 22:49:15 UTC
My goal is to purge (from SA) whitelists with abuse reporting looking "like intentionally hidden/discouraging". I am not against adding extra requirements suggested by Greg.
Comment 6 Kevin A. McGrail 2011-11-30 23:00:49 UTC
(In reply to comment #5)
> My goal is to purge (from SA) whitelists with abuse reporting looking "like
> intentionally hidden/discouraging". I am not against adding extra requirements
> suggested by Greg.

I honestly don't even know what people are talking about.  What's a rule or rule they are talking about?

As far as rules for things, one size fits all rules are very difficult to craft and would likely not be ready for version 3.4.0.
Comment 7 anfi 2011-12-01 00:54:44 UTC
My "request for improvement" has been triggered by (yet another) complaint about senderscorecertified.com at news:pl.internet.mordplik (mordplik=>killfile).

Another case can be found at:
http://www.gossamer-threads.com/lists/spamassassin/users/159915?do=post_view_threaded

IMHO a whitelist does not deserve -5.0 points without an EASY to find/follow complaints/spam reporting procedure.

file 50_scores.cf:
# ReturnPath Certified
# http://www.returnpath.net/internetserviceprovider/certification/
# CERTIFIED is a subset of SAFE, thus the score is cumulative.
# -2 + -3 = -5 points for CERTIFIED
score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0
score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0
Comment 8 Karsten Bräckelmann 2011-12-01 01:33:07 UTC
(In reply to comment #7)
> My "request for improvement" has been triggered by (yet another) complaint
> about senderscorecertified.com at news:pl.internet.mordplik

While I do agree in general, that abuse reporting for whitelists should be easy to find (and exactly this has been a long-ish debate years ago)...

  RCVD_IN_RP_CERTIFIED  Sender is in Return Path Certified (trusted relay)

Asking Google for the obvious, given the SA description line above

  spamassassin Return Path Certified

yields the Rules/RCVD_IN_BSP_TRUSTED in the SA wiki as second hit. A rather short, informative page, even *including* an email address for complaints. And bug 5977 for that matter. FWIW, previous complaints ultimately led to exactly this, an easy method of reporting to RP about abuse.

Other than the page name not being in sync with the rule name *sigh*, what else is missing here?
Comment 9 Karsten Bräckelmann 2011-12-01 01:36:47 UTC
And bug 5977 comment 11 actually mentions the email address I had in mind, specifically added for SA users.

So this is a wiki documentation issue?