By themselves, blacklists have problems. However, if they are not the sole
source of information used, then their impact is mitigated. In a consent
system, a blacklist would be one of many sources of information feeding
into the system, and providing facts on which the system makes its decisions.
Also, perhaps blacklist problems and high degree of reliance on them,
should be highlighted in the BCP documents.
At 06:29 PM 8/5/2003, Bob Wyman wrote:
My personal feeling is that these "community based" systems are
almost inevitably going to end up being problematic once deployed
although they do often tend to sound attractive in theory before much
analysis is done. As the degree of automation increases and the systems
become more isolated from rational decision making processes, these
systems can become down-right scary... The problem here is with creating
the opportunity for a "tyranny of the mob."
I can imagine groups of kids getting together in IM chat groups
and deciding to have some fun "shutting down Microsoft" by having large
numbers of people report their machines as a source of spam. The same
sort of "community based" attack might be used to shut down the mail
servers of the Democratic National Committee or some specific political
candidate shortly before an election...
Blacklists are blacklists. A blacklist that is created by
"community" action is, to me, no less frightening and no less evil then
a black list created by dictator or by some political party. Once the
blacklisting technology is let loose in the network, we'll find that
folk will discover that it can be used to block more than just spam. A
tool that can be used to blacklist spammers can just as easily be used
to blacklist individuals, political parties, people who send mail with
"bad" words, jews, or blacks...
bob wyman
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On
Behalf Of
Peter Kay
Sent: Tuesday, August 05, 2003 2:43 PM
To: Yakov Shafranovich; bob(_at_)wyman(_dot_)us; asrg(_at_)ietf(_dot_)org
Subject: RE: [Asrg] Trustic anti-spam system closes down because it
doesn't work
There's a fair amount posted on the slashdot site. Basically an
unacceptably high level of false positives, hypothesized to be cause by
a high number of spam reports but a low number of "good senders"
reports.
> -----Original Message-----
> From: Yakov Shafranovich [mailto:research(_at_)solidmatrix(_dot_)com]
> Sent: Tuesday, August 05, 2003 8:33 AM
> To: bob(_at_)wyman(_dot_)us; asrg(_at_)ietf(_dot_)org
> Subject: Re: [Asrg] Trustic anti-spam system closes down
> because it doesn't work
>
>
> At 11:33 AM 8/5/2003, Bob Wyman wrote:
> >from: http://www.trustic.com :
> >"We have determined that the system as it currently is designed will
> >not achieve the level of accuracy that we require, and an inaccurate
> >system is worse than no system." .....
>
> Is there detailed information on why it failed?
>
>
> _______________________________________________
> Asrg mailing list
> Asrg(_at_)ietf(_dot_)org
> https://www1.ietf.org/mailman/listinfo/asrg
>
>
>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg