A question has come up regarding the reliability of domain ratings to be
used in a system like CSV-DNA. The worry is that spammers will game the
system, and reputation scores will be of so little value that they can't
even be used as input to a spam filter. I've been thinking about this, and
the only scenario I can come up with would be fairly easy to defeat. I'm
sure this group has given it a lot of thought, so I'm posing the question
here in case I'm missing something obvious.
The scenario I have in mind is a spammer trying to raise his reputation
score by sending huge quantities of bogus mail to collaborating
recipients. It seems like a good rating service should be able to detect
that situation by looking for unusual patterns in the statistics, e.g.
millions of emails with no complaints to just a few bogus domains, and 100%
spam to domains that have no bogus recipients. To hide the spam, bogus
flows would have to be really huge, and evenly distributed to each victim
domain.
Maybe there are some other tricks I can't think of. Are you confident a
widely-used domain-rating system could be defended?
--
Dave
************************************************************ *
* David MacQuigg, PhD email: david_macquigg at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *