spf-discuss

Re: Distributed reputation system; GOSSIP

2004-06-23 17:03:44
--Shevek <spf(_at_)anarres(_dot_)org> wrote:
In response to freeside's comment: I agree, with the caveat that the
computation (which must be performed by every MTA over the raw data) is
not expensive. These computations _are_ frequently expensive (consider
sa-learn), which suggests that some of the computation, at least, should
be performed by the reputation service and maintained as persistent
derived data.

If you are to run your own GOSSIP server for a cluster of MTAs (not
generally true for smaller users, but certainly for organisations), then
that server can handle much of the computation and feed raw figures to the
MTA. This permits per-organisation customisation of the computation while
reducing MTA load. I have to wonder how many organisations are really
going to care, though. Configuring reputation servers isn't their core
business.

It may also not be to the advantage of the reputation service to expose
data which might be used for gaming that service. Compare this to the
search engine ranking algorithms, which are frequently gamed, even though
there is perhaps less value from gaming them. This is a hard problem.


If you maintain a server for your own use, you probably will want to set up your white/gray/black criteria directly on the server itself.

In the case where one reputation server has a lot of other MTAs querying it, perhaps each user can create his/her own profile, and the white/gray/black values (as well as white lists and blacklists) are set up on the server inside that user's account. Then the user can set up all his MTAs to query the reputation server using the profile name he just created.

e.g. user 'gconnor' logs in to 'reputationserv.com' and sets up his account. Then later the MTA sends a query for:
 spamdomain.com.gconnor.custom.reputationserv.com
where 127.0.0.1 indicates good, 127.0.0.2-255 indicates bad, and NXDOMAIN indicates no data known... or something like that.


--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
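
An MTA-side reading of the per-profile lookup sketched in the message above, as an added example that is not part of the original message or of any GOSSIP implementation. It builds the query name, enforces DNS name limits (the appended profile and zone eat into the 253-character budget), and maps the answer to a verdict. Assumptions: the function names, the injected `resolve` callable, treating any answer outside 127.0.0.1-255 as "no data", letting a bad answer outrank a good one, and the constructed sample zone data.

```python
import ipaddress

ZONE = "custom.reputationserv.com"       # zone from the message's example
SCHEME_NET = ipaddress.ip_network("127.0.0.0/24")

def query_name(domain, profile, zone=ZONE):
    """Build <domain>.<profile>.<zone> and enforce DNS name limits."""
    if "." in profile:
        raise ValueError("profile must be a single DNS label")
    name = ".".join([domain.rstrip(".").lower(), profile.lower(), zone])
    if len(name) > 253 or any(not 1 <= len(l) <= 63 for l in name.split(".")):
        raise ValueError("query name exceeds DNS limits")
    return name

def classify(answers):
    """answers: list of A-record strings, or None for NXDOMAIN."""
    if answers is None:
        return "unknown"                  # NXDOMAIN: no data known
    seen = set()
    for text in answers:
        ip = ipaddress.IPv4Address(text)
        last = int(ip) & 0xFF
        if ip not in SCHEME_NET or last == 0:
            continue                      # outside 127.0.0.1-255: not a verdict
        seen.add("good" if last == 1 else "bad")
    if "bad" in seen:                     # assumption: bad outranks good
        return "bad"
    return "good" if seen else "unknown"

def check(domain, profile, resolve):
    """resolve(name) -> list of A records or None; injected to run offline."""
    return classify(resolve(query_name(domain, profile)))

# Constructed sample zone data standing in for the reputation server.
SAMPLE_ZONE = {
    "spamdomain.com.gconnor.custom.reputationserv.com": ["127.0.0.2"],
    "example.org.gconnor.custom.reputationserv.com": ["127.0.0.1"],
    "parked.example.gconnor.custom.reputationserv.com": ["203.0.113.7"],
}

if __name__ == "__main__":
    for d in ("spamdomain.com", "example.org", "parked.example", "new.example"):
        print(d, check(d, "gconnor", SAMPLE_ZONE.get))
```

Ignoring answers outside the agreed range keeps a wildcarded or expired zone that resolves every name to some unrelated address from being read as a verdict on every sender.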

