Jon Kyme wrote:
Maybe the information should not be a binary black/white, but a
probability/confidence value? "Mail from that IP is spam with a
probability of 99%" or something like that? For most IPs this will
usually be close to 0% or 100%, but it should be somewhere in between
if there are too few samples, or if the host is transitioning from bad
to good or vice versa.
(I have to look at GOSSiP again - I think that was quite similar)
You're right, as I remember, Mark Langston's GOSSiP responded to queries
with a reputation score (and an associated confidence rating - did this get
done?).
Sender domains/addresses are currently completely useless as trustable
entities.
On their own, perhaps. GOSSiP proposed a domain / IP duple as the
reputation identity, by which I guess some of the issues with "granularity"
were (might be) avoided. There were also schemes to amalgamate entities for
scoring purposes - perhaps by ref. to "authorisation" mechanisms such as
SPF.
Actually, I really liked the ideas behind GOSSiP - particularly the way
trust between nodes might be established informally (or not), and then
modulated dynamically (without human intervention) would have been neat (I
don't know how far that got).
I, too, think that GOSSiP[1] is based on rather clever ideas:
"two-dimensional" metric (reputation and confidence), automatically
established inter-node trust. Unfortunately, the project looks dead.
My idea of a good practical anti-spam solution would be a GOSSiP-like
distributed reputation system combined with greylisting[2] of sites with
low confidence rating.
[1] http://gossip-project.sourceforge.net/
[2] http://hcpnet.free.fr/milter-greylist/
Eugene
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
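
The combination discussed in this thread, a reputation score with a separate confidence value per domain/IP pair and greylisting while confidence is low, can be sketched as follows. This is an added example, not code from the thread or from the GOSSiP project: the scoring formulas, the constants, the `record`/`decide` helpers and the choice to also greylist an undecided score are all assumptions made for illustration.

```python
from dataclasses import dataclass

# All constants are assumptions chosen for illustration.
DECAY = 0.99            # ageing applied to older evidence at each observation
K = 10.0                # amount of evidence that yields confidence 0.5
MIN_CONFIDENCE = 0.75   # below this the score is not trusted yet
SPAM_THRESHOLD = 0.9
HAM_THRESHOLD = 0.1

@dataclass
class Reputation:
    spam: float = 0.0
    ham: float = 0.0

    def observe(self, is_spam: bool) -> None:
        # Age old evidence first, so a host moving from bad to good
        # (or the reverse) is re-scored over time.
        self.spam *= DECAY
        self.ham *= DECAY
        if is_spam:
            self.spam += 1.0
        else:
            self.ham += 1.0

    def score(self) -> float:
        # Smoothed spam probability; 0.5 when there is no evidence.
        return (self.spam + 1.0) / (self.spam + self.ham + 2.0)

    def confidence(self) -> float:
        # Grows from 0 towards 1 with the amount of aged evidence.
        n = self.spam + self.ham
        return n / (n + K)

def record(store, domain, ip, is_spam, times=1):
    # The reputation identity is the (domain, IP) pair.
    rep = store.setdefault((domain, ip), Reputation())
    for _ in range(times):
        rep.observe(is_spam)

def decide(store, domain, ip):
    rep = store.get((domain, ip))
    if rep is None or rep.confidence() < MIN_CONFIDENCE:
        return "greylist"      # too little evidence: delay and retry
    s = rep.score()
    if s >= SPAM_THRESHOLD:
        return "reject"
    if s <= HAM_THRESHOLD:
        return "accept"
    return "greylist"          # undecided score, e.g. host in transition (assumption)
```

With these constants a pair needs roughly 30 recent observations before its score is acted on, and a sender that changes behaviour passes through the greylisted middle band before it is accepted or rejected again.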