ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] "Mythical" Global Reputation System

2009-12-12 04:57:49
from [Alessandro Vesely] [Permanent Link] 
Let me try and summarize the topics we are concerned about.
* "Assess operator's policy enforcement." IMHO, the primary product of feedback processing is to tell how cleverly an operator blocks reported spammers. However, an operator could lie, which is why we need the other topics. 

Douglas Otis wrote:

On 12/11/09 6:41 AM, John Leslie wrote:

Douglas Otis<dotis(_at_)mail-abuse(_dot_)org>  wrote:
    I remain convinced that senders need an established relationship
with vouching services and receivers need an established relationship
with reputation services, and that the interaction between these two
types of services is an area for interesting work.
* "Relationship between vouching and reputation services." Vouching must clearly be based on reputation. Why should it be a separate service, and what are the relationships between them and with mail operators?
The focus could be more on vetting feedback sources directed to the postmasters using _blind_ addresses, rather than assessing each individual message, and have a centralized feedback system that publishes related metrics and sender's specific information, such as their volumes, their purported types of messages, and their directly verifiable sources such as hostnames or DKIM signatures. The direct information assists in establishing correctly attributed feedback.
* "Reliable feedback paths." This includes vetting sources, assessing operators, and establishing minimal authentication requirements for exchanging abuse reports.
* "Senders' generic profiling." A rather slippery slope, because we don't want to break anonymity nor privacy. But we need some metrics to identify "sockpuppetry" (or whatever we'd want to call multiple 5322.From operated by a single individual/entity.) 

Thus far, I've counted four topics. Did I forget or overgeneralize any?
If we want an ASRG subgroup, it is useful to pinpoint what we would use it for. To know where we are and what can we shoot for is obviously interesting anyway. 



_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] TMGRS, Adding a spam button to MUAs, Peter Saint-Andre
Next by Date:  Re: [Asrg] Adding a spam button to MUAs, Peter J. Holzer
Previous by Thread:  Re: [Asrg] "Mythical" Global Reputation System, Douglas Otis
Next by Thread:  Re: [Asrg] "Mythical" Global Reputation System, John Leslie
Indexes:  [Date] [Thread] [Top] [All Lists]