A general reputation framework should be able to make assertions
about any source identity, and especially identities that can be
verified. This includes:
IP
"Mail From" address
Source domain
DomainKeys' [selector.]domain space
PRA
Regards,
Alex Bobotek
-----Original Message-----
From: asrg-bounces(_at_)ietf(_dot_)org
[mailto:asrg-bounces(_at_)ietf(_dot_)org] On Behalf
Of
Jon Kyme
Sent: Monday, March 07, 2005 9:48 AM
To: ASRG
Subject: SPAMWARNING Re: [Asrg] A question on trust and trust
propagation.
Maybe the information should not be a binary black/white, but a
probability/confidence value? "Mail from that IP is spam with a
probability of 99%" or something like that? For most IPs this will
usually be close to 0% or 100%, but it should be somewhere in
between
if there are too few samples, or if the host is transitioning from
bad
to good or vice versa.
(I have to look a GOSSiP again - I think that was quite similar)
You're right, as I remember, Mark Langston's GOSSiP responded to
queries
with a reputation score (and an associated confidence rating - did
this
get
done?).
Sender domains/addresses are currently completely useless as
trustable
entities.
On their own, perhaps. GOSSiP proposed a domain / IP duple as the
reputation identity, by which I guess some of the issues with
"granularity"
were (might be) avoided. There were also schemes to amalgamate
entities
for
scoring purposes - perhaps by ref. to "authorisation" mechanisms such
as
SPF.
Actually, I really liked the ideas behind GOSSiP - particularly the
way
trust between nodes might be established informally (or not), and then
modulated dynamically (without human intervention) would have been
neat (I
don't know how far that got).
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg