spf-discuss
[Top] [All Lists]

Re: how blacklisting will work in the future

2004-01-12 14:40:19
In 
<2A1D4C86842EE14CA9BC80474919782E011132DB(_at_)mou1wnexm02(_dot_)vcorp(_dot_)ad(_dot_)vrsn(_dot_)com>
 "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:

If you were running a reputation service of the type I described earlier you
could measure he number of requests against a given address as a proxy for
the number of messages sent out by the address.

This is basically how spamcop works.  It is not clear how
senderbase.org works, but it may well be similar.  


Of course spamers could also try to work that feature as well, generating
thousands of bogus tests against their own domain to dilute their report.

Old news.  It was discovered that spammers were doing this to spamcop
about a year ago.


This in turn could be detected and used as a spamdicator by comparing to
other sources of traffic measurement.

This is not always easy to detect.  In particular, DNS UDP packets can
easily have forged source IP addresses.  Other methods of sampling
generally have other holes.


Getting accurate mail volumes is A Very Hard Task.


-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡


<Prev in Thread] Current Thread [Next in Thread>