ietf-asrg

Re: [Asrg] Collaborative real time spam blocking

2004-10-22 17:10:14
On Fri, Oct 22, 2004 at 02:28:06PM -0400, Jim Whitescarver wrote:
> Greetings,
>
> I do not know if this is the correct forum to address this issue.
> Please let me know if these issues are being addressed elsewhere. What
> I am seeking is a means for coordinating a grass roots trust network for
> aggressive dynamic blocking of spammer IP addresses. While there are
> many blacklists out there, they do not provide for mechanisms to
> facilitate real time blocking. Standards are needed for collaborative
> blocking, incident reporting and verification. Spammers move too
> quickly for traditional blacklisting approaches to be effective.


Have a look at GOSSiP (http://www.sufficiently-advanced.net/).  It's a
massively-distributed, peer-to-peer email reputation system.  It could,
in theory, do exactly this sort of thing.  However, I'd need to add some
fairly thoroughly-thought-through identity-aggregation and behavioral
pattern analysis/identification to get it all the way to where you'd
want it to be.

As a quick kludge, you could probably examine all 0 reputation, 0
confidence incoming mail and simply pattern-match GOSSiP ID elements
against other 0/0 identities in the database.  If the total mailcount
from a given identity is, say, <10 (or anything you wish), it's all
tagged as being spam, and the ID is a partial match to other IDs with
similar characteristics, there are assumptions you could make before the
mail is accepted for delivery.  

Since GOSSiP's basically a social network (in the "social network
theory" sense), you'd also have regional variations because of the
scale-free nature of such nets.  The "relay nodes" described at the end
of the spec on the website would allow visibility into these regional
variations, just as "social hubs" act as bridges between otherwise
diverse social groups.

-- 
Mark C. Langston            GOSSiP Project          Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org   http://sufficiently-advanced.net    
mark(_at_)seti(_dot_)org
Systems & Network Admin      Distributed               SETI Institute
http://bitshift.org       E-mail Reputation       http://www.seti.org

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
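
The "quick kludge" described in the reply above, sketched as an added example; it is not part of the original message and is not GOSSiP code. The identity layout, the thresholds and the verdict names are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass

# Hypothetical layout: the message does not define GOSSiP ID elements.
ELEMENTS = ("ip_prefix", "helo", "sender_domain")

@dataclass(frozen=True)
class Identity:
    elements: tuple    # values in ELEMENTS order
    reputation: float
    confidence: float
    mailcount: int     # total mail seen from this identity
    spamcount: int     # how much of that mail was tagged as spam

def is_unknown(ident):
    """True for a 0 reputation, 0 confidence identity."""
    return ident.reputation == 0 and ident.confidence == 0

def shared_elements(a, b):
    """Number of ID elements two identities have in common."""
    return sum(1 for x, y in zip(a.elements, b.elements) if x and x == y)

def suspicious_peers(incoming, db, max_mail=10, min_shared=2):
    """0/0 identities that are low-volume, all-spam and a partial ID match."""
    if not is_unknown(incoming):
        return []  # sender already has a reputation; use that instead
    return [p for p in db
            if p.elements != incoming.elements
            and is_unknown(p)
            and 0 < p.mailcount < max_mail
            and p.spamcount == p.mailcount
            and shared_elements(incoming, p) >= min_shared]

def pre_delivery_verdict(incoming, db, min_peers=2):
    """Assumed policy: defer when enough look-alike spam identities exist."""
    peers = suspicious_peers(incoming, db)
    return "defer" if len(peers) >= min_peers else "accept"

# Constructed sample database (documentation address ranges and domains).
DB = [
    Identity(("192.0.2", "mail.example.net", "example.net"), 0, 0, 3, 3),
    Identity(("192.0.2", "mx.example.net", "example.net"), 0, 0, 7, 7),
    Identity(("192.0.2", "relay.example.org", "example.net"), 0, 0, 40, 40),
    Identity(("198.51.100", "smtp.example.com", "example.com"), 0, 0, 4, 1),
]
INCOMING = Identity(("192.0.2", "out.example.net", "example.net"), 0, 0, 0, 0)

if __name__ == "__main__":
    print(pre_delivery_verdict(INCOMING, DB))
```
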

