Two points:
1. I was speaking about analysis in general, not just blacklist analysis.
So, there are other attributes that you wish to capture including headers
and important content of the message. This information is obviously
sensitive.
2. As you mentioned, with blacklists you need the list of IP addresses. The
problem is that the list of IP addresses in the headers will often include
IPs of internal mail servers that organizations do not wish to reveal. So,
you often have to reduce this to the set of IP addresses that come before
the recipient's organization in order to make this data public.
There are many intricacies here. The SpamAssassin guys have experienced them
and within Spam Archive we've experienced them. It's just not as simple as
you initially thought. It's far from impossible, but just requires some
thoughtfulness. That is why I was outlining these three paths as potential
paths for individuals to spend some time pursuing.
-----Original Message-----
From: Brad Knowles [mailto:brad(_dot_)knowles(_at_)skynet(_dot_)be]
Sent: Wednesday, August 13, 2003 11:56 AM
To: Paul Judge
Cc: 'Brad Knowles'; 'jm(_at_)jmason(_dot_)org'; 'Yakov Shafranovich';
'Jason Steiner'; 'asrg(_at_)ietf(_dot_)org'
Subject: RE: [Asrg] 7. Best Practices - DNSBLs - Article
At 11:07 AM -0400 2003/08/13, Paul Judge wrote:
> 3) Create tools that sufficiently anonymize the ham so that people
> are comfortable submitting it. There is similar work being done in
> other areas of networking. One of the difficulties here is
> anonymizing the data while preserving the relevant relationships
> within the data.
In terms of analyzing black list performance, all we need is the
IP address(es) found in the headers of the message. Everything else
is superfluous, and indeed gets in our way.
That should be sufficiently anonymous that there shouldn't be any
problem with people being willing to share that information. Or, so
I would think.
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+
!E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++)
X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)*
tv+z(+++)
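The reduction described in point 2 above (keep only the IP addresses of hops that come before the recipient's organization) can be sketched as follows. This is an added example, not code from the thread, SpamAssassin or Spam Archive; the function names, the `recipient.example` domain and the sample message are constructed, and it assumes IPv4 addresses written in square brackets in `Received` headers.

```python
import re
from email import message_from_string

# IPv4 literal in square brackets, as MTAs commonly write it in Received lines.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\sby\s+([A-Za-z0-9.-]+)", re.I)

def in_org(host, org_domains):
    """True if host is one of the organization's domains or a subdomain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in org_domains)

def external_relay_ips(raw_message, org_domains):
    """Return IPs of the hops before the message entered the organization."""
    received = message_from_string(raw_message).get_all("Received", [])
    # Received headers are newest first. The leading run of headers written
    # "by" the organization's own hosts ends at the border hop; headers above
    # the border name internal servers in their "from" clause and are dropped.
    # Only the leading run is trusted, since older headers can be forged.
    boundary = 0
    for i, hdr in enumerate(received):
        m = BY_HOST.search(hdr)
        if m and in_org(m.group(1), org_domains):
            boundary = i
        else:
            break
    ips = []
    for hdr in received[boundary:]:
        # Only the "from" clause identifies the sending hop.
        from_part = re.split(r"\sby\s", hdr, maxsplit=1, flags=re.I)[0]
        ips.extend(BRACKETED_IP.findall(from_part))
    return ips

# Constructed sample: one internal hop, the border hop, one external hop.
SAMPLE = """\
Received: from mx1.recipient.example (mx1.recipient.example [10.20.0.5])
 by store.recipient.example with ESMTP; Wed, 13 Aug 2003 12:00:03 -0400
Received: from out.sender.example (out.sender.example [203.0.113.7])
 by mx1.recipient.example with ESMTP; Wed, 13 Aug 2003 12:00:01 -0400
Received: from desktop (unknown [198.51.100.20])
 by out.sender.example with ESMTP; Wed, 13 Aug 2003 11:59:58 -0400
From: a@sender.example
To: b@recipient.example
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print(external_relay_ips(SAMPLE, {"recipient.example"}))
```

If the newest header was not written by one of the listed domains, nothing is stripped, so the domain list has to cover every host name the organization's servers use in their `by` clause.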