spf-discuss
[Top] [All Lists]

reputation systems and RHSBLs

2004-06-12 09:25:06
On Sat, Jun 12, 2004 at 01:16:04PM +0200, Julian Mehnle wrote:
| 
| Well, publishing "+all" certainly would be a lot simpler.
| 
| All that, however, doesn't matter, because we can just blacklist the
| domain in question if spam originates claiming to be from there.  If the
| spammer says "+all", i.e. "everyone can use my domain", we don't need to
| accept messages from that domain at all.
| 

How's the blocklist community coming along with RHSBLs?

Lots of spammers are already publishing SPF, so now's the
time to build a reputation system keyed off domain name.

In the long term, I hope that reputation systems will show
rich information, like "total spam vs total nonspam reported"
as opposed to a binary score, but a binary spam-or-not is
good enough for now.

Should we start such a reputation system ourselves?

If so, could we propagate it through cutting-edge
peer-to-peer anonymizing network systems?  If I'm wrong I
don't want to start a huge thread, but it seems to me that a
P2P model gives you the following benefits:

 - anonymity (and protection from lawsuits)
 - scalability
 - protection from ddos attacks

meng