A Review of Published Criteria for Acceptance Into a Complaint Feedback Loop Program
draft-jdfalk-marf-acceptance-criteria-00

Abstract

All known Feedback Generators (the operators of complaint feedback loops) have some criteria for acceptance of requests to receive feedback. This document is a review of such criteria, where publicly available. It is intended to inform design decisions within the Mail Abuse Reporting Format (MARF) Working Group (IETF, “Messaging Abuse Reporting Format (Active WG),” .) [MARF‑WG], and likely will never advance beyond internet-draft status.

The information included herein was gathered from public web sites.

Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. This document may not be modified, and derivative works of it may not be created, except to format it for publication as an RFC or to translate it into languages other than English.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

This Internet-Draft will expire on January 5, 2011.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1.  Summary
2.  AOL
3.  BlueTie
4.  Comcast
5.  Cox
6.  Earthlink
7.  Microsoft
8.  Outblaze
9.  OpenSRS
10.  Rackspace
11.  Road Runner
12.  USA.net
13.  Yahoo!
14.  References
§  Author's Address

1.  Summary

2.  AOL

http://postmaster.info.aol.com/Postmaster.FeedbackLoop.html

First, AOL offers subscribers a drop-down list consisting of abuse@, postmaster@, and "any other email address listed in the FBL email's domain WHOIS record." A prospective subscriber may choose one of these addresses to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

Next, AOL attempts to prove ownership of the IP addresses (AOL's feedback loop is based on last-hop IP address, not domain.) For this, they require that one of five criteria is met:

1. reverse DNS (PTR record) for each IP shares the domain name selected in the first step
2. at least one authoritative nameserver for each IP shares the domain name
3. IP WHOIS information for each IP contains the domain
4. ASN WHOIS information contains the domain

3.  BlueTie

BlueTie is perhaps best known as the mailbox provider behind Excite.

http://feedback.bluetie.com/

Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

BlueTie has not published additional criteria.

4.  Comcast

http://postmaster.comcast.net/feedback-loop.aspx

Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

Comcast also publishes the following criteria:

• IPs with a Sender Score (Return Path, “About Sender Score,” .) [SS] of 60 or above will be accepted.
• IPs with a Sender Score of 30 to 60 cannot appear on any DNSBLs.
• IP with a Sender Score below 30 will not be approved.

5.  Cox

http://postmaster.cox.net/confluence/display/postmaster/Feedback+Loop

Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

Cox also publishes the following criteria:

• An IP or range with a Sender Score (Return Path, “About Sender Score,” .) [SS] of 60 or higher will be approved.
• An IP or range with a Sender Score between 30 and 60 may be approved if not listed on any RBLs.
• A score of less than 30, or no score due to not enough traffic from the IP, will be denied.

6.  Earthlink

Multiple sources, including [WTTW] (Atkins, L., “ISP Information - Word to the Wise,” .), report that Earthlink provides feedback only to fellow ISPs. Their specific criteria do not appear to be public.

7.  Microsoft

Microsoft's "Junk Mail Reporting" program covers Hotmail, MSN, and Windows Live Mail.

https://support.msn.com/eform.aspx?productKey=edfsjmrpp&page=support_home_options_form_byemail&ct=eformts&scrx=1

While Microsoft does not publicize the precise criteria used, some of the questions asked by their sign-up form provide some clues:

• How would you describe your company or yourself? (multiple choice)
• The home page where people sign up for your service
• The opt-out link for each list or a link to your organization's Privacy Policy
• Sender IPs for verification
• Are the IP addresses registered under your company's name or domain name?
• If no, do you have exclusive sending rights from the IP via your hosting company (not shared with any other senders)?
• Can you remove customers who complain from your lists, or take action against spam accounts?

8.  Outblaze

http://spamblock.outblaze.com/

Word to the Wise (Atkins, L., “ISP Information - Word to the Wise,” .) [WTTW] reports that Outblaze's complaint feedback loop is only available to senders who confirm all subscription (opt-in) requests to their lists. Other sources have reported that Outblaze's complaint feedback loop is tied to their whitelisting program. The specifics do not appear to have been publicized.

9.  OpenSRS

OpenSRS is a mail hosting service operated by Tucows.

http://fbl.hostedemail.com/

Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

Tucows has not published additional criteria.

10.  Rackspace

http://fbl.apps.rackspace.com/

Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

Rackspace has not published additional criteria.

11.  Road Runner

http://feedback.postmaster.rr.com/

Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

Road Runner has not published additional criteria.

12.  USA.net

http://fbl.usa.net/

Like all feedback loops hosted by Return Path, the subscriber must first select either postmaster@ or abuse@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

USA.net has not published additional criteria.

13.  Yahoo!

http://help.yahoo.com/l/us/yahoo/mail/postmaster/feedback/

Yahoo!'s is currently the only known complaint feedback loop where complaints are routed based on the [DKIM] (Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, J., and M. Thomas, “DomainKeys Identified Mail (DKIM) Signatures,” May 2007.) d= domain of the offending message, rather than last-hop IP address. Thus, the primary initial criteria is that the prospective subscriber sign all their outbound mail with DKIM.

(They do route by IP for ISPs, using unpublished criteria to determine whether an ISP qualifies.)

The signup process requires a free Yahoo! user ID, after which (like all feedback loop signup pages hosted by Return Path) the subscriber must select either postmaster@ or abues@ their domain to receive a confirmation message. The message includes a unique URI which, when opened, confirms that the subscriber has permission to receive feedback related to that domain.

Yahoo! has not published additional criteria.

14. References

Author's Address