Not exactly the question asked by Yakov, but mainly about what RBLs will be.
If I look on our mail server at who's sending spam, I can see that most of
them make only very few connections a day: one, two or three. Very
few gateways make more than five connections. I'm talking about a
mail server with some thousand users and about 50 K connections a day.
This may indicate that much spam is sent by a distributed system of
workers, and not by open relays.
If this is the case, and if this trend continues, the tendency
will be for more and more IP addresses to be inserted on blacklists.
Also, the time a particular IP address is used by spammers is
likely to be shorter than for the address of an open relay.
The possible consequence is that the number of addresses may explode.
Nowadays, list.dsbl.org has 2100000 (two million and a hundred thousand)
addresses.
Is it reasonable to consider that there isn't a limit on the number of
IP addresses on a blacklist?
Yakov Shafranovich wrote:
I would like to pose a question to the group. The IP address of the
incoming MTA is the only sure thing that we possess today that cannot be
easily spoofed (BGP attacks aside). There are numerous blacklist and
reputation services out there that carry and store information about IP
addresses. With an LMAP-type proposal like DRIP, this information can
also be keyed by domain name.
All of this implies that reputation services such as blacklists will
continue to exist. However, a major problem with these services has been
that they provide a binary yes/no answer. Many commercial ISPs would
like to make the decisions themselves. Filters such as SpamAssassin would
probably be better off basing data on a larger scale than a simple yes
or no.
Taking all of this into account, I ask the following:
1. Is it feasible to develop a standard format and protocols for storing
and querying data from reputation services?
2. Is it feasible for such a format to be feature-rich, providing more data
than a simple yes/no? Meng Wong of SPF proposed on his list a while back
something like how many messages were sent by an MTA, how many were spam, etc.,
akin to what SenderBase does.
3. Can this be supplemented by accreditation formats and protocols?
4. Would any of this improve blacklists?
5. Would all of this reduce spam?
Feel free to forward this message to other lists, and NANAE.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"I ate your Web page. / Forgive me. It was juicy / And tart on my
tongue." (MIT's 404 Message)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris http://j-chkmail.ensmp.fr
60, bd Saint Michel http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06
mailto:Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr