No, I was thinking of of more complex scenario then just standartized xml
filter list. While I agree that current spam filters implementations often
use different methods for representing and getting rule set, I do not
I understand. It's just that it's a harder job for filter software
to integrate with it, and there's a tendency to not focus on things
which make it easier for your clients to switch to a competitor :-).
I was thinking more along the lines of allowing to use multiple products!
But yes. I think it's possible, and a standard in that area would be
good.
I would propose however, that if we're going to specify such a
thing--let's start on the side of the architecture that everyone else
seems to leave until last. Namely--how does it handle authentication
and security. Keep in mind that such a protocol would possibly also
run over the WAN, as it would provide a way for third-party filtering
services to manage your mail filtering, while you control the rules.
(Or vice versa--you do the filtering, and the third party keeps your
spam filtering rules up-to-date.)
Standard user/password authentication for updating central repositatory.
Possibly TLS if desired.
SHA1 for reporting filtering in headers for confirmation with key at
the central server. Or maybe even x.509 to be absolutly sure.
And those are just quick thoughts on that. Proper authentication can be
done with no problem, we have many examples with other protocols,
including SMTP.
And I was thinking futher along the line of creating standard header lines
on what filter has been used (for client MUA to know in standard format)
and in order to allow for distributed filtering systems and removing
necessity of applying same filter twice.
That gets harder. Products like ours and SpamAssassin may apply
hundreds of rules, and what is far more important than which rule
fires, is how the combination of results is weighted.
Actually spamassasin is quite good at reporting what has been checked as is.
I'v no problem with rules being weighted, but I'd like to know what each
resulted in. And it really not 100s of rules (not yet...), it maybe 100s
in terms of long filter list but actual top-level rules are about dozen.
If you are
specific to the point of "we checked for this string" then you have
too much data.
Don't want that.
And if you're general to the level of "we checked for
strings" then you haven't really said anything of use to the next
filter in the line
"Checked user-specific whitelists" would be good enough for me.
(I'm also not a fan of adding lots of new
headers--but I think this has problems even before we get to that.)
Possibly. But for example mentioned spamassasin already adds headers and
so do other filtering products. Each reports in its own way, though.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg