On Sat, Jun 12, 2004 at 01:16:04PM +0200, Julian Mehnle wrote:
|
| Well, publishing "+all" certainly would be a lot simpler.
|
| All that, however, doesn't matter, because we can just blacklist the
| domain in question if spam originates claiming to be from there. If the
| spammer says "+all", i.e. "everyone can use my domain", we don't need to
| accept messages from that domain at all.
|
How's the blocklist community coming along with RHSBLs?
Lots of spammers are already publishing SPF, so now's the
time to build a reputation system keyed off domain name.
In the long term, I hope that reputation systems will show
rich information, like "total spam vs total nonspam reported"
as opposed to a binary score, but a binary spam-or-not is
good enough for now.
Should we start such a reputation system ourselves?
If so, could we propagate it through cutting-edge
peer-to-peer anonymizing network systems? If I'm wrong I
don't want to start a huge thread, but it seems to me that a
P2P model gives you the following benefits:
- anonymity (and protection from lawsuits)
- scalability
- protection from ddos attacks
meng