ietf-asrg

RE: [Asrg] 7. Best Practices - DNSBLs - Article

2003-08-13 09:11:40

Two points:

1. I was speaking about analysis in general, not just blacklist analysis.
So, there are other attributes that you wish to capture including headers
and important content of the message. This information is obviously
sensitive.

2. As you mentioned, with blacklists you need the list of IP addresses. The
problem is that the list of IP addresses in the headers will often include
IPs of internal mail servers that organizations do not wish to reveal. So,
you often have to reduce this to the set of IP addresses that come before
the recipient's organization in order to make this data public.

There are many intricacies here. The SpamAssassin guys have experienced them
and within Spam Archive we've experienced them. It's just not as simple as
you initially thought. It's far from impossible, but just requires some
thoughtfulness. That is why I was outlining these three paths as potential
paths for individuals to spend some time pursuing.

-----Original Message-----
From: Brad Knowles [mailto:brad(_dot_)knowles(_at_)skynet(_dot_)be] 
Sent: Wednesday, August 13, 2003 11:56 AM
To: Paul Judge
Cc: 'Brad Knowles'; 'jm(_at_)jmason(_dot_)org'; 'Yakov Shafranovich'; 
'Jason Steiner'; 'asrg(_at_)ietf(_dot_)org'
Subject: RE: [Asrg] 7. Best Practices - DNSBLs - Article


At 11:07 AM -0400 2003/08/13, Paul Judge wrote:

 3) Create tools that sufficiently anonymize the ham so that people are
 comfortable submitting it. There is similar work being done in other areas
 of networking. One of the difficulties here is anonymizing the data while
 preserving the relevant relationships within the data.

      In terms of analyzing black list performance, all we need is the
IP address(es) found in the headers of the message.  Everything else
is superfluous, and indeed gets in our way.

      That should be sufficiently anonymous that there shouldn't be any
problem with people being willing to share that information.  Or, so
I would think.

-- 
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>

"They that can give up essential liberty to obtain a little 
temporary safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* tv+z(+++)


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
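
The reduction described in point 2 of the reply above (publish only the relay IPs recorded before the message reached the recipient's organization), as an added example that is not part of the original thread. The function name `external_ips`, the domain `corp.example`, the network `10.0.0.0/8` and the sample headers are assumptions constructed for illustration; only bracketed IPv4 literals in `Received` headers are handled.

```python
import email
import ipaddress
import re

# Constructed sample: hosts and addresses are from private/documentation ranges.
SAMPLE = (
    "Received: from mx1.corp.example (mx1.corp.example [10.1.2.3])\n"
    "\tby mailstore.corp.example with ESMTP; Wed, 13 Aug 2003 09:11:40 -0400\n"
    "Received: from relay.isp.test (relay.isp.test [203.0.113.7])\n"
    "\tby mx1.corp.example with ESMTP; Wed, 13 Aug 2003 09:11:38 -0400\n"
    "Received: from unknown (HELO pc) ([198.51.100.23])\n"
    "\tby relay.isp.test with SMTP; Wed, 13 Aug 2003 09:11:30 -0400\n"
    "Subject: constructed sample\n\nbody\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 literals only

def _ips(text):
    """Parse bracketed IPv4 literals, skipping strings that are not valid addresses."""
    found = []
    for literal in IP_RE.findall(text):
        try:
            found.append(ipaddress.ip_address(literal))
        except ValueError:
            pass
    return found

def external_ips(raw, org_domains, org_nets):
    """Return relay IPs recorded before the message entered the recipient's organization."""
    nets = [ipaddress.ip_network(n) for n in org_nets]
    kept, inside = [], True  # Received headers are newest first, so the walk starts inside
    for hdr in email.message_from_string(raw).get_all("Received", []):
        from_part, _, rest = " ".join(hdr.split()).partition(" by ")  # unfold, then split
        by_host = rest.split(" ", 1)[0].rstrip(";").lower()
        by_internal = any(by_host == d or by_host.endswith("." + d) for d in org_domains)
        # Vacuously true when the hop logged no address, so such a hop stays "inside".
        from_internal = all(any(ip in n for n in nets) for ip in _ips(from_part))
        if inside and by_internal and from_internal:
            continue  # hop between the organization's own servers: do not publish
        inside = False  # boundary crossed; every older header predates the organization
        kept.extend(str(ip) for ip in _ips(from_part))
    return kept

if __name__ == "__main__":
    print(external_ips(SAMPLE, ["corp.example"], ["10.0.0.0/8"]))
```

Headers below the boundary are kept as written, including any forged by the sender, since they reveal nothing about the recipient's internal servers.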