spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Attacking the throwaway-domain problem

2003-10-14 15:05:24
from [Meng Weng Wong] [Permanent Link] 
On Tue, Oct 14, 2003 at 05:48:27PM -0400, Eric S. Raymond wrote:
| Justin Mason <jm(_at_)jmason(_dot_)org>:
| > A DNSBL of "spammer domains".
| 
| Wouldn't this just replicate the known problems with blocklists?

SPF was always intended to operate together with some sort of RHSBL-type
database.  After all, spammers can publish SPF records too.

SPF tells you the domain is validated; then an RHSBL tells you if the
domain is good or evil.  See the bottom of 
http://www.sdsc.edu/~jeff/spam/cbc.html

Today RHSBLs have two response types; UNKNOWN and EVIL.  A reputation
scheme would add more response types:

  UNKNOWN vs KNOWN
  RATING: number from -100 to 100
  REPORT-SIZE: xx
  BEEN-AROUND-SINCE: date
  
Other response types have been suggested:

  ACCOUNTABILITY-LEVEL: whether registrar stores some kind of real-world ID, etc

AOL, Hotmail, Yahoo, Earthlink etc get a very good sample of the total
Internet mailstream.  They would be a good source of reputation data.
ISPs aside, schemes like Vipul's Razor collect a tremendous amount of
data about incoming domains.  Vipul suggested that he could modify the
Razor client to indicate whether the domain had been SPF-verified; if
so, the reputation scheme would acquire another datapoint.

But this sort of centralized reputation scheme is merely the first thing
that came to mind.

I am sure many more devilishly clever schemes will emerge from the P2P world.

For example, small ISPs can greylist or hold-for-review messages that
meet a spam profile of not coming from a previously whitelisted sender.
If a content filter decides the message looks like spam, the ISP can
forward that decision to a local reputation hub; that hub, once it sees
decisions from enough members, can submit the decision into an
internet-wide RHSBL.  Think of it as a distributed hierarchy like the
DNS, only information flows both ways.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Attacking the throwaway-domain problem, Justin Mason
Next by Date:  Re: Attacking the throwaway-domain problem, Erik Corry
Previous by Thread:  Re: Attacking the throwaway-domain problem, wayne
Next by Thread:  RE: updates from Foo Camp, Dustin Trammell
Indexes:  [Date] [Thread] [Top] [All Lists]