On Thu, 2004-07-22 at 16:36, Andriy G. Tereshchenko wrote:
[Mark Shewmaker]
And in both cases you could have reputation systems make
meta-claims about whether the particular identity is trustworthy.
A question:
I'm an evil person. I would like to stop Mark Shewmaker business (he
is competing with my products/services for example ;-).
All my prior submissions to reputation systems were about real spam
I will use legit Mark messages (not necessary) but replace content with "Buy
XXXX and link to free website (I will shutdown
this site using single email to abuse(_at_)web-domain(_dot_)com)".
If the reputation system places trust in you (and your evil cohorts),
and doesn't put much stock in my friends and customer's claims, then
sure, my domain will get a bad reputation within the context of that
reputation system.
You will have to refrain from directing your evilness at too many other
people, or people will start suspecting you, so the amount of evilness
you can do is limited.
The reputation system can't become too inaccurate, or it will in turn
get a bad reputation.
(As for myself, I prefer web-of-trust type reputation systems to handle
this sort of issue.)
So, not only are these problems limited in terms of the damage an evil
person can eventually do, they're also known, existing problems with
current block lists, and they're also unrelated to spf completely.
SPF handles claims of authenticity, leaving reputation to other systems.
SPF does not provide any way to perform message content/spam claims
verification.
(There is a reserved accreditation modifier.)