ietf-asrg

Re: [Asrg] 2. Improving Blacklists and Reputation Services

2004-02-09 15:33:46
On 2/9/2004, Yakov Shafranovich sent forth electrons to convey:

I would like to pose a question to the group. The IP address of the incoming MTA is the only sure thing that we possess today that cannot be easily spoofed (BGP attacks aside). There are numerous blacklist and reputation services out there that carry and store information about IP addresses. With an LMAP-type proposal like DRIP, this information can also be keyed by domain name.

All of this implies that reputation services such as blacklists will continue to exist. However, a major problem with these services has been that they provide a binary yes/no answer.


This is incorrect; several BLs already provide a variety of answers.
The reason many BLs provide a binary answer is that the software they run on only allows it (and can thereby be less resource-intensive). 1 bit for all of IPv4 fits in RAM on many machines, especially if compressed...
Some that I've posited are:
SpamCop provides its spam/ham ratio.
Someone who used this IP [threatened to | did] sue me.
A spammer who used this IP owes me money. (payola.org)
The admins of this IP tell me they provide a free email service, but do their best to police their users.
The admins of this IP tell me they don't spam and agree to pay for any that is sent from this IP.

AHBL has 18 response codes listed at
http://ahbl.org/responsecodes.php

DDOS attacks on blacklists have shown that reliance on DNS might not be such a good idea. Other possibilities like P2P services might be feasible.

Some BLs have found effective ways to defend themselves, as well.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
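
An added example, not part of the original message or of any blacklist's own code: how a DNS-based list can carry more than a yes/no answer, by encoding a reason in the last octet of a 127.0.0.0/8 A record. The zone name `bl.example.org` and the code table are constructed for illustration; they are not AHBL's actual response codes.

```python
import ipaddress

# Constructed code table (assumption): NOT any real list's codes.
SAMPLE_CODES = {
    2: "open relay",
    3: "open proxy",
    4: "spam source",
    10: "free mail provider that polices its users",
}

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL client looks up: reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def decode_answer(a_records, codes=SAMPLE_CODES):
    """Turn the A records returned for a query into a list of reasons.

    An empty list (NXDOMAIN) means "not listed". Any answer outside
    127.0.0.0/8 is not a valid DNSBL reply (for example a wildcarded or
    re-registered zone) and is rejected rather than treated as a listing.
    """
    reasons = []
    for rec in a_records:
        addr = ipaddress.IPv4Address(rec)
        if addr not in LOOPBACK:
            raise ValueError("not a DNSBL answer: %s" % rec)
        code = int(addr) & 0xFF  # last octet carries the reason
        reasons.append(codes.get(code, "unknown code %d" % code))
    return reasons


def binary_verdict(a_records):
    """What a yes/no-only client sees: listed or not, reasons discarded."""
    return len(decode_answer(a_records)) > 0


if __name__ == "__main__":
    # Constructed sample: one sending IP, two reasons returned by the list.
    print(dnsbl_query_name("192.0.2.99", "bl.example.org"))
    answer = ["127.0.0.4", "127.0.0.10"]
    print(binary_verdict(answer), decode_answer(answer))
```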