abusix / xarf

XARF - eXtended Abuse Reporting Format
https://abusix.com/xarf/
MIT License

Connection to original email based specification #19

Closed dfn-certling closed 3 years ago

dfn-certling commented 3 years ago

I just went looking for the overall specification that was originally in https://github.com/xarf/xarf-specification. Since that repo is marked as deprecated and I couldn't find any information besides the schemata in this repo, is there no more specification on what email-based reports are supposed to look like?

FrederikP commented 3 years ago

Hi there, thanks for your question.

We have added a new section to the README explaining how we propose to use XARF via email. https://github.com/abusix/xarf/blob/master/README.md#xarf-via-smtp

It also includes an example email.

We have already started using this approach at Abusix, and our partners/other organizations have started to migrate to the new JSON-based XARF schema.

dfn-certling commented 3 years ago

Great, thanks. Similar to the previous concept but with differences. Do you have any ideas on bulk notifications? The previous approach of putting multiple containers into one mail might ease processing, but the mails tend to get a bit unwieldy.

FrederikP commented 3 years ago

The consensus in the German "eco anti abuse" group was that most would be happier if there are only single-report emails rather than bulk. That's why it's currently not defined. I think single reports also help underline that sending out reports immediately is desired for "real time" reasons rather than collecting stuff for a while and then sending out batches of delayed information. The faster you get reports, the quicker you can handle abuse, the greater the chance of making a big positive impact.