On Jan 8, 2009, at 12:43 PM, SM wrote:
At 12:10 08-01-2009, Douglas Otis wrote:
There are methods that can be used to limit risks related to
whitelisting domains. Often these involve capturing prior
conversations and noting where the message originated. The
locations might then be expanded to CIDRs, routes, or acquired
address lists.
Is it that important to note where the message originated? Although
the where is commonly used as input for lack of a better reference
point, it can be a problem when renumbering a network or for mobility.
White-listing based upon a domain would be dangerous without also
including the IP address of the SMTP client and message tracking.
There are companies currently providing this service, particularly
needed where spam remains largely unmanaged.
Did this message reach you because:
1. it came from the irtf.org domain
2. it came from the ASRG email address
3. it came from an IP address associated with 1 or 2
4. it came from a CIDR block you view as "safe"
The algorithm can remain oblivious to who owns the SMTP client. It
determines whether a conversation was observed, while also allowing
also users to submit corrections.
A reduction in the false positive detection of spam is achieved
through conversation tracking. Some exceptions are needed to
accommodate one-way traffic, which often represents transactional
notifications. There are services doing this today by using two tiers
of information.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg