Maybe the information should not be a binary black/white, but a
probability/confidence value? "Mail from that IP is spam with a
probability of 99%" or something like that? For most IPs this will
usually be close to 0% or 100%, but it should be somewhere in between
if there are too few samples, or if the host is transitioning from bad
to good or vice versa.
(I have to look a GOSSiP again - I think that was quite similar)
You're right, as I remember, Mark Langston's GOSSiP responded to queries
with a reputation score (and an associated confidence rating - did this get
done?).
Sender domains/addresses are currently completely useless as trustable
entities.
On their own, perhaps. GOSSiP proposed a domain / IP duple as the
reputation identity, by which I guess some of the issues with "granularity"
were (might be) avoided. There were also schemes to amalgamate entities for
scoring purposes - perhaps by ref. to "authorisation" mechanisms such as
SPF.
Actually, I really liked the ideas behind GOSSiP - particularly the way
trust between nodes might be established informally (or not), and then
modulated dynamically (without human intervention) would have been neat (I
don't know how far that got).
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg