--On 15 July 2010 10:49:25 -0700 Douglas Otis <dotis(_at_)mail-abuse(_dot_)org>
wrote:
On 7/14/10 10:34 AM, Dave CROCKER wrote:
Does anyone know of an open-source module that is used to develop a
reputation table by watching traffic and correlating spamminess with the
original IP Address?
d/
Dave,
The program rbldnsd is an open source program used to publish
reputations. Unfortunately, inputs used to establish reputation provide
nonlinear relationships when used to grant "forgiveness". Forgiveness
has become increasing important when dealing with the many compromised
accounts. Some simply now use a strategy of white-listing larger
providers, but if everyone took that approach, email would quickly
become useless as a service. What can be said is that reputation is
slow and as a result fairly ineffective at dealing with bot-net activity
being emitted from otherwise "respectable" sources.
-Doug
Yes, but why ask on a DKIM mailing list? I speculate that Dave wants to
modify it to build a reputation engine based on Author address, for DKIM
signed messages. With that, you don't have to forgive bad apples just
because they share an IP address with lots of good senders. Add in
reputation for envelope sender addresses when SPF passes, and you have *per
sender* reputation database for (for us) the majority of inbound mail
(that's passed IP reputation tests).
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html