In the case where the abuse comes from the abuser's provider (such as when the "abuser" is a fake identity created by the abuser's provider in order to achieve abusive outcomes like spam or phishing), sending an abuse complaint verbatim to the abuser's provider is exactly the wrong thing to do.
The abuser's provider may need to get told that sanctions have been imposed against his user, but telling him why feeds into machine learning on how to avoid anti-abuse mechanisms.
Discussion about the potential for a reporter to forge an abusive message at interim meeting 10-Apr-2024:
Travis says the abuse reports should go to the reporter's provider, while the hub provider is specified in the PR currently. Harald says you shouldn't reveal abuse reports to the alleged abuser's provider.
The situation is better than if we only have AEAD, but we still may need some additional franking (by the hub using a symmetric algorithm)
In the case where the abuse comes from the abuser's provider (such as when the "abuser" is a fake identity created by the abuser's provider in order to achieve abusive outcomes like spam or phishing), sending an abuse complaint verbatim to the abuser's provider is exactly the wrong thing to do.
The abuser's provider may need to get told that sanctions have been imposed against his user, but telling him why feeds into machine learning on how to avoid anti-abuse mechanisms.