
Re: [Asrg] Taxonomy of anti-spam systems

2003-03-10 01:59:18
Could add the following into
a. ii. 3 ..
  Callback email address verification (i.e. verify the email address is valid 
on the calling server), as in Keith Moore's code or the new postfix code

   Also actual callback pickup (not actually implemented but proposed a couple
of times, including in drafts) might require its own category or go also 
into "how was it sent" a. ii. 3.

   Also there are several other not-implemented approaches (and you did include 
hashcash in your list, so I assume it's ok), such as a message tracking server
and similar ideas of having mail servers keep track of what emails came 
from them and the receiving system being able to verify that (also similar to 
callback, but verification is not just based on the actual email address but 
on the email address, message-id and date together).

  And it's unclear what category below it belongs to (or if it belongs among
"spam fighting" at all): web pickup, i.e. only a notification of the email 
is sent and the actual email is held at a particular email box.

I'll think of some more stuff if I go through my notes tomorrow.

Oh, almost forgot - I do not see simple catch-spam email accounts (which I 
use), i.e. special email accounts never used for actual communication 
but advertised a couple of times on newsnet and embedded on a website; 
anything coming into them is considered spam, and that email is then searched 
for in your other accounts and the same messages as in catch-spam removed. To be 
honest, I actually use this simple approach and it works fairly well.
 
On Sun, 9 Mar 2003, Paul Judge wrote:

Here is a first draft of a taxonomy of anti-spam systems. I've classified
the systems into spam prevention, spam deterrence, and spam reduction
systems.


1)    Spam Prevention Approaches - These systems aim to prevent the
spread of spam messages. There are fail-open and fail-closed systems.
Fail-open systems aim to detect unwanted messages; just as in intrusion
detection, there are signature-based and anomaly detection-based schemes.
I've marked them below as either [SB] or [AD]. Another useful view would be
whether systems are implemented at the ingress or egress.

      a)      Fail-Open (determine unwanted messages)
              i)      Human Determination
                      (1)     Collaborative filtering (i.e., razor) [SB]
              ii)     System Determination
                      (1)     Who is it from? 
                              (a) Traditional Blacklists [SB]
                              (b) reputation systems [AD]
                      (2)     What is in it? (Content Filtering)
                              (a)     Static lists [SB]
                              (b)     Learning methods [AD]
                      (3)     How was it sent?
                              (a)     Forged info? (i.e. reverse lookups) [AD]
                              (b)     Envelope characteristics; delivery path information [SB/AD]
                      (4)   Other properties
                              (a) bulk determination (i.e. DCC)

      b)      Fail-Closed (determine wanted messages)
              i)      Whitelists
                      (1)     Basic
                      (2)     Verified
                              (a)     Authenticated sender identity
                              (b)     Token supported         
                              (c)     Disposable email addresses
                      (3)  Used in Fail-open systems 
                              (a) normal whitelists
                              (b) Third-party lists (i.e. trusted sender)
              ii)     Challenge/response systems
                      (1)     Basic   
                      (2)     Human verification (i.e. Turing tests)

2)    Spam Deterrence Approaches - These systems aim to deter spamming
activities. In most areas of life, deterrence is achieved by introducing the
ability to identify and track wrongdoers. These systems can provide input to
spam prevention systems. Also, these systems are useful with the presence of
laws to prosecute the wrongdoers that are identified and tracked.

      a)      Authentication
      b)      Tracking
      c)      Non-repudiation

3)    Spam Reduction - These systems aim to reduce the level of spam by
making it more costly or timely to have the messages delivered.
Independently, this type of system does not aim to identify or block spam,
but simply to change the characteristics of the spam to reduce the amount of
spam. These systems can be used in conjunction with deterrence or prevention
systems.

      a)      Cost-based Systems (increase cost of spamming)
      b)      Proof-of-work (i.e. hashcash)
      c)      Rate limiting
              i)      Ingress
              ii)     egress

I'm not fully comfortable with the spam reduction being a third category,
but I am currently not sure how to better classify them. What classes of
techniques did I miss? Once we add other classes and see if there are better
ways to classify these, we will begin to build this out into a survey of the
systems in each class. I have a draft of some of this done, but I want to
get feedback on the taxonomy before dumping that on the list.

Paul
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

---
William Leibzon
Elan Communications Inc. 
william(_at_)elan(_dot_)net
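The callback verification mentioned at the top of this reply is, at the wire level, a short SMTP dialogue with the sender domain's mail exchanger. The following is an added example, not code from this thread, from Keith Moore, or from postfix: a client-side probe driven against a constructed stand-in for the remote MX (`FakeMailServer`, with hypothetical mailbox names and host names), so that both sides of the exchange are visible and the result can be checked offline. A real deployment would open a TCP connection to the MX host instead of calling the stand-in.

```python
"""Sender address verification by SMTP callback (added example).

The probe opens an SMTP session to the sender domain's mail exchanger, asks
whether it would accept mail for the sender address, and aborts without ever
transferring a message. FakeMailServer is a constructed stand-in for that
remote MX; real code would talk to the MX host on port 25 instead.
"""


class FakeMailServer:
    """Constructed remote MX: accepts RCPT only for mailboxes it knows."""

    def __init__(self, valid_mailboxes, defer=False):
        self.valid = {a.lower() for a in valid_mailboxes}
        self.defer = defer          # simulate a 4xx temporary failure
        self.transcript = []        # both sides of the dialogue, for inspection

    def send(self, line):
        """Client sends one command line; server answers with one reply line."""
        self.transcript.append("C: " + line)
        verb = line.split(None, 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            reply = "250 mx.example.net"
        elif verb == "MAIL":
            reply = "250 2.1.0 Ok"
        elif verb == "RCPT":
            addr = line[line.index("<") + 1:line.index(">")].lower()
            if self.defer:
                reply = "450 4.7.1 Try again later"
            elif addr in self.valid:
                reply = "250 2.1.5 Ok"
            else:
                reply = "550 5.1.1 User unknown"
        elif verb == "RSET":
            reply = "250 2.0.0 Ok"
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "500 5.5.1 Command unrecognized"
        self.transcript.append("S: " + reply)
        return reply


def verify_sender(address, server, helo_name="mx.example.org"):
    """Return True if the remote MX accepts the mailbox, False if it rejects
    it, and None if nothing can be concluded (temporary failure, greeting
    or MAIL refused)."""
    if not server.send("HELO " + helo_name).startswith("2"):
        return None
    # Null reverse path: the probe looks like a bounce, so a remote side that
    # also does callbacks cannot start a verification loop against us.
    if not server.send("MAIL FROM:<>").startswith("2"):
        return None
    reply = server.send("RCPT TO:<%s>" % address)
    server.send("RSET")   # never DATA: no message is transferred
    server.send("QUIT")
    if reply.startswith("2"):
        return True
    if reply.startswith("5"):
        return False
    return None           # 4xx: no evidence either way


if __name__ == "__main__":
    mx = FakeMailServer(["alice@example.net"])
    print(verify_sender("alice@example.net", mx))
    print("\n".join(mx.transcript))
```

Two caveats a receiving site has to build in: a domain whose MX is configured as catch-all answers 250 for every RCPT, so True only means "not provably invalid", and a 4xx answer must not be scored as spam evidence. Results should also be cached per address so the same remote MX is not probed once per incoming message.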

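The catch-spam account approach described near the end of this reply (a trap address that is never used for real mail; anything it receives is spam, and the same messages are then removed from the real accounts) comes down to fingerprinting the trap's messages and matching them against another mailbox. The following is an added example and not the poster's own tooling: it assumes mailboxes are available as lists of raw RFC 822 message strings (the messages, addresses and domains below are constructed; a real setup would fetch them over POP or IMAP) and matches on either the Message-ID or a whitespace-normalized hash of the body, so a bulk mailing that rewrites its Message-ID per recipient is still caught.

```python
"""Catch-spam (spam-trap) account matching (added example).

Messages arriving at the trap account are fingerprinted; any message in a
real mailbox sharing a fingerprint is treated as the same spam and removed.
Mailboxes here are constructed lists of raw RFC 822 strings.
"""
import email
import hashlib
import re
from email import policy

# Constructed sample data; trap@example.org and me@example.org are hypothetical.
TRAP_MAILBOX = [
    "From: promo@example.net\nTo: trap@example.org\nSubject: Cheap watches!!!\n"
    "Message-ID: <abc123@example.net>\n\nBuy now   at http://example.net/buy\n",
]
REAL_MAILBOX = [
    # Same bulk message delivered to the real account, same Message-ID
    "From: promo@example.net\nTo: me@example.org\nSubject: Cheap watches!!!\n"
    "Message-ID: <abc123@example.net>\n\nBuy now at http://example.net/buy\n",
    # A legitimate message that must survive
    "From: friend@example.com\nTo: me@example.org\nSubject: Lunch?\n"
    "Message-ID: <lunch@example.com>\n\nLunch tomorrow?\n",
    # Same body as the trap hit but a rewritten Message-ID and different case
    "From: promo2@example.net\nTo: me@example.org\nSubject: Cheap watches!!!\n"
    "Message-ID: <zzz@example.net>\n\nBUY  now at http://example.net/buy\n",
]


def fingerprints(raw):
    """Return the set of keys under which one message can be matched:
    its Message-ID (if any) and a hash of its normalized text body."""
    msg = email.message_from_string(raw, policy=policy.default)
    keys = set()
    mid = msg.get("Message-ID")
    if mid:
        keys.add("mid:" + str(mid).strip())
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    # Collapse whitespace and case so trivial per-recipient variation is ignored
    norm = re.sub(r"\s+", " ", text).strip().lower()
    keys.add("body:" + hashlib.sha256(norm.encode("utf-8")).hexdigest())
    return keys


def build_trap_index(trap_mailbox):
    """Union of fingerprints of everything the trap account received."""
    index = set()
    for raw in trap_mailbox:
        index |= fingerprints(raw)
    return index


def filter_mailbox(mailbox, trap_index):
    """Split a real mailbox into (kept, removed) using the trap index."""
    kept, removed = [], []
    for raw in mailbox:
        if fingerprints(raw) & trap_index:
            removed.append(raw)
        else:
            kept.append(raw)
    return kept, removed


if __name__ == "__main__":
    kept, removed = filter_mailbox(REAL_MAILBOX, build_trap_index(TRAP_MAILBOX))
    print("kept %d, removed %d" % (len(kept), len(removed)))
```

Because the trap index is a plain set of hashes, it can be shared between accounts or machines without exposing the trap address itself, and the body hash should be recomputed with the same normalization on both sides or matches will silently stop.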