ietf-asrg

Re: [Asrg] Dictionary Attacks

2008-11-19 11:05:11

On Nov 18, 2008, at 11:04 PM, SM wrote:

At 22:13 18-11-2008, Richard Golodner wrote:
Hi Steve, could you help me to understand what a "feedback loop" is
and what it does as far as squashing spam is concerned. I am a Cisco

http://mipassoc.org/arf/specs/draft-shafranovich-feedback-report-05.txt

Not really.

That explains the ARF format, which is a (trivial) format for encapsulating
a copy of an email, along with a small amount of metadata, via mime in
another email. It's well-suited for feedback loops, and was designed for
use with them, but it's not one and the same.

In email circles a feedback loop is a service offered by an ISP that
allows people who send email to that ISP to receive (immediately
or on a regular basis) feedback from users of that ISP.

A simple example is AOL. AOL allows other network users to sign
up with AOL to receive feedback reports about email from a particular
IP address. If an AOL user receives email from that IP address and
clicks on the "This is Spam" button then AOL will, amongst other
things, send an email to the feedback loop subscriber telling
them "Someone clicked this-is-spam in response to this email"
and include a copy of the email.

That's how many of the current feedback loops work - though there are
only maybe less than ten worth speaking of running right now. They
don't all work exactly that way, though. Some are based on domain
or cryptographic signature in the email, rather than IP address. Some
send a list of email recipients who have hit the TiS button, with no
sample email, rather than one report per recipient.

A de-facto standard for the reports that include a sample of the
email is ARF, which in turn is based on the format AOL originally
used, but it's not a requirement for being a feedback loop, just
a good idea.

SpamCop isn't generally considered to be a feedback loop, for
several reasons (not opt-in, reports not sent by the receiving ISP)
but it's often handled with the same software as "real" FBLs and
treated in just the same way. I tend to call it a pseudo-FBL.

You can imagine FBLs that are not based on user reports, but
are instead based on, maybe volume or automated virus detection
and so on. (You don't need to imagine, they do actually exist on
a small scale). These are useful things, sure, but I consider
them outside the field of FBLs.

There's also aggregate feedback from ISPs - the AOL report
card, SNDS from Hotmail and so on - sent to the same people
that are signed up to the appropriate feedback loops. These
are useful parts of the FBL ecosystem, but not usually what people
are referring to when they talk about the feedback loop.

Cheers,
  Steve

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
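
To illustrate the ARF encapsulation described in the message above, here is an added example (not part of the original post or of any FBL operator's code) showing how a feedback loop subscriber might pull the metadata and the sample email out of one report. The sample report, addresses and the `parse_arf` helper are constructed for illustration.

```python
from email import message_from_string, policy

# Constructed sample (not real traffic): a MIME multipart/report carrying a
# human-readable note, the ARF metadata block, and a copy of the original email.
SAMPLE_ARF = """\
From: fbl@isp.example
To: abuse@sender.example
Subject: FW: Weekly offers
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

This is an email abuse report for a message received from 192.0.2.10.

--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 0.1
Source-IP: 192.0.2.10

--b1
Content-Type: message/rfc822

From: news@sender.example
To: user@isp.example
Subject: Weekly offers
Message-ID: <123@sender.example>

Buy now.
--b1--
"""

def parse_arf(raw):
    """Return the report's key fields, or None if raw is not an ARF report."""
    msg = message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "feedback-report"):
        return None  # not ARF (some FBLs use other formats); handle separately
    out = {}
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":   # the small metadata block
            fields = part.get_payload(0)
            out["feedback_type"] = str(fields.get("Feedback-Type", "")).lower()
            out["source_ip"] = str(fields.get("Source-IP", ""))
        elif ctype == "message/rfc822":          # the copy of the reported email
            original = part.get_payload(0)
            out["recipient"] = str(original.get("To", ""))
            out["message_id"] = str(original.get("Message-ID", ""))
    # Require both the metadata and the sample email before acting on it.
    return out if {"feedback_type", "message_id"} <= out.keys() else None
```
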