Network Working Group J. Falk Internet-Draft Return Path Intended status: Informational July 4, 2010 Expires: January 5, 2011 A Review of Published Criteria for Acceptance Into a Complaint Feedback Loop Program draft-jdfalk-marf-acceptance-criteria-00 Abstract All known Feedback Generators (the operators of complaint feedback loops) have some criteria for acceptance of requests to receive feedback. This document is a review of such criteria, where publicly available. It is intended to inform design decisions within the Mail Abuse Reporting Format (MARF) Working Group [MARF-WG], and likely will never advance beyond internet-draft status. The information included herein was gathered from public web sites. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. This document may not be modified, and derivative works of it may not be created, except to format it for publication as an RFC or to translate it into languages other than English. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 5, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents Falk Expires January 5, 2011 [Page 1] Internet-Draft CFBL Criteria Review July 2010 (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. AOL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. BlueTie . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Comcast . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Cox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 6. Earthlink . . . . . . . . . . . . . . . . . . . . . . . . . . 8 7. Microsoft . . . . . . . . . . . . . . . . . . . . . . . . . . 9 8. Outblaze . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 9. OpenSRS . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 10. Rackspace . . . . . . . . . . . . . . . . . . . . . . . . . . 12 11. Road Runner . . . . . . . . . . . . . . . . . . . . . . . . . 13 12. USA.net . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 13. Yahoo! . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 17 Falk Expires January 5, 2011 [Page 2] Internet-Draft CFBL Criteria Review July 2010 1. Summary +--------------+------------------+-----------------+---------------+ | Mailbox | Confirmation | Reputation | Other | | Provider | Email Step | Score Check | Requirements | +--------------+------------------+-----------------+---------------+ | AOL | yes | unknown | unknown | | | | | | | BlueTie | yes | unknown | unknown | | | | | | | Comcast | yes | yes | unknown | | | | | | | Cox | yes | yes | unknown | | | | | | | Earthlink | unknown | unknown | unknown | | | | | | | Microsoft | unknown | unknown | presumably | | | | | | | Outblaze | unknown | unknown | yes | | | | | | | OpenSRS | yes | unknown | unknown | | | | | | | Rackspace | yes | unknown | unknown | | | | | | | Road Runner | yes | unknown | unknown | | | | | | | USA.net | yes | unknown | unknown | | | | | | | Yahoo! | yes | unknown | yes | +--------------+------------------+-----------------+---------------+ Table 1 Falk Expires January 5, 2011 [Page 3] Internet-Draft CFBL Criteria Review July 2010 2. AOL First, AOL offers subscribers a drop-down list consisting of abuse@, postmaster@, and "any other email address listed in the FBL email's domain WHOIS record." A prospective subscriber may choose one of these addresses to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. Next, AOL attempts to prove ownership of the IP addresses (AOL's feedback loop is based on last-hop IP address, not domain.) For this, they require that one of five criteria is met: 1. reverse DNS (PTR record) for each IP shares the domain name selected in the first step 2. at least one authoritative nameserver for each IP shares the domain name 3. IP WHOIS information for each IP contains the domain 4. ASN WHOIS information contains the domain Falk Expires January 5, 2011 [Page 4] Internet-Draft CFBL Criteria Review July 2010 3. BlueTie BlueTie is perhaps best known as the mailbox provider behind Excite. Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. BlueTie has not published additional criteria. Falk Expires January 5, 2011 [Page 5] Internet-Draft CFBL Criteria Review July 2010 4. Comcast Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. Comcast also publishes the following criteria: o IPs with a Sender Score [SS] of 60 or above will be accepted. o IPs with a Sender Score of 30 to 60 cannot appear on any DNSBLs. o IP with a Sender Score below 30 will not be approved. Falk Expires January 5, 2011 [Page 6] Internet-Draft CFBL Criteria Review July 2010 5. Cox Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. Cox also publishes the following criteria: o An IP or range with a Sender Score [SS] of 60 or higher will be approved. o An IP or range with a Sender Score between 30 and 60 may be approved if not listed on any RBLs. o A score of less than 30, or no score due to not enough traffic from the IP, will be denied. Falk Expires January 5, 2011 [Page 7] Internet-Draft CFBL Criteria Review July 2010 6. Earthlink Multiple sources, including [WTTW], report that Earthlink provides feedback only to fellow ISPs. Their specific criteria do not appear to be public. Falk Expires January 5, 2011 [Page 8] Internet-Draft CFBL Criteria Review July 2010 7. Microsoft Microsoft's "Junk Mail Reporting" program covers Hotmail, MSN, and Windows Live Mail. While Microsoft does not publicize the precise criteria used, some of the questions asked by their sign-up form provide some clues: o How would you describe your company or yourself? (multiple choice) o The home page where people sign up for your service o The opt-out link for each list or a link to your organization's Privacy Policy o Sender IPs for verification o Are the IP addresses registered under your company's name or domain name? o If no, do you have exclusive sending rights from the IP via your hosting company (not shared with any other senders)? o Can you remove customers who complain from your lists, or take action against spam accounts? Falk Expires January 5, 2011 [Page 9] Internet-Draft CFBL Criteria Review July 2010 8. Outblaze Word to the Wise [WTTW] reports that Outblaze's complaint feedback loop is only available to senders who confirm all subscription (opt-in) requests to their lists. Other sources have reported that Outblaze's complaint feedback loop is tied to their whitelisting program. The specifics do not appear to have been publicized. Falk Expires January 5, 2011 [Page 10] Internet-Draft CFBL Criteria Review July 2010 9. OpenSRS OpenSRS is a mail hosting service operated by Tucows. Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. Tucows has not published additional criteria. Falk Expires January 5, 2011 [Page 11] Internet-Draft CFBL Criteria Review July 2010 10. Rackspace Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. Rackspace has not published additional criteria. Falk Expires January 5, 2011 [Page 12] Internet-Draft CFBL Criteria Review July 2010 11. Road Runner Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. Road Runner has not published additional criteria. Falk Expires January 5, 2011 [Page 13] Internet-Draft CFBL Criteria Review July 2010 12. USA.net Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. USA.net has not published additional criteria. Falk Expires January 5, 2011 [Page 14] Internet-Draft CFBL Criteria Review July 2010 13. Yahoo! Yahoo!'s is currently the only known complaint feedback loop where complaints are routed based on the [DKIM] d= domain of the offending message, rather than last-hop IP address. Thus, the primary initial criteria is that the prospective subscriber sign all their outbound mail with DKIM. (They do route by IP for ISPs, using unpublished criteria to determine whether an ISP qualifies.) The signup process requires a free Yahoo! user ID, after which (like all feedback loop signup pages hosted by Return Path) the subscriber must select either postmaster@ or abues@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain. Yahoo! has not published additional criteria. Falk Expires January 5, 2011 [Page 15] Internet-Draft CFBL Criteria Review July 2010 14. References [DKIM] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, J., and M. Thomas, "DomainKeys Identified Mail (DKIM) Signatures", RFC 4871, May 2007. [MARF-WG] IETF, "Messaging Abuse Reporting Format (Active WG)", . [SS] Return Path, "About Sender Score", . [WTTW] Atkins, L., "ISP Information - Word to the Wise", . Falk Expires January 5, 2011 [Page 16] Internet-Draft CFBL Criteria Review July 2010 Author's Address J.D. Falk Return Path 8001 Arista Place, Suite 300 Broomfield, CO 80021 US Email: ietf@cybernothing.org URI: http://www.returnpath.net/ Falk Expires January 5, 2011 [Page 17]