On 04/01, johnl(_at_)iecc(_dot_)com wrote:
Sounds swell, but how do you plan to qualify the people sending in
data? What's to keep a spammer from sending in a file full of his
junk marked ham?
I should have mentioned that I brought this problem up on this list
before:
http://www.ietf.org/mail-archive/web/asrg/current/msg16398.html
The general consensus seemed like "It might work, but it would be hard, and
you'd be crazy to try." So I thought about it a lot more, and finally
decided to give it a try.
On 04/01, Neil Schwartzman wrote:
Beyond that, ongoing qualification & compliance are big deals when
running a whitelist. I ran Return Path's for four years, and everyday was
some new issue, be it a good sender gone bad, or a compromised machine,
or an argument with a bad sender who wanted to tell me his business plan.
It's good to actually hear the perspective of someone who has tried
something similar, thanks.
One of the things that has encouraged me is that spamassassin seems to not
have had a problem with their mass-check submitters. And I'm hoping to be
less attractive to people trying to get their spam through than I can
imagine Return Path being. But I realize that could be wishful thinking.
And I think spamassassin has carefully vetted contributors.
Not for the faint-of-heart, nor the sane. I've said the same thing
repeatedly to others who have thought of starting a whitelist: don't.
Noted.
On 04/01, Rob McEwen wrote:
(1) grey-hat and black-hat ESPs would love nothing more than to
distribute to you a high quality feed of indisputable ham... and then
slip in some of their own messages to ensure that they and their clients
get whitelisted.
Yup. I've spent a lot of time thinking about how this could be gamed.
That's the most obvious. (And I don't mean to imply that I believe I've
figured out all the possible problems.)
intervention. What I found was that SOME snowshoe spammers were
frequently whitelisted during that time period when the spammer had not
/yet/ built up enough bad reputation to get blocked by many (or any)
blacklists. The problem here is that by the time the snowshoe spammer
has finally gotten blacklisted by some DNSBLs, he is /already/ in that
whitelist and anyone using such an automated whitelist is going to then
give that snowshoe spammer a free pass. This is one of the greatest
That does sound like a fun problem, thanks.
(3) Also, calling it a "whitelist" is going to be problematic if any of
my warnings materialize. Why? Because the very label "whitelist" implies
I'll keep that in mind. This post is actually the only time I've called
it a whitelist, because that's my primary goal, not, admittedly, what
the result actually looks like.
And, well, white lists and black lists get things wrong sometimes, and I
suppose people are going to think it might be intentional. I'm... really
not worried about people thinking it was intentional. But it might be a
good idea to clarify on the website that if you think something is wrong,
tell me instead of thinking it was intentional. Thanks for pointing it
out.
--
"Of course there's strength in numbers. But there's strength in sharp
weaponry too. Ironically, this lead to what we call 'civilization'."
- spore
http://www.ChaosReigns.com
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg