spf-discuss

Re: Good Domain List one step closer to reality (actually two steps)

2004-08-13 13:20:46
On Fri, Aug 13, 2004 at 10:07:59PM +0200, jpinkerton wrote:
> From: "Mark C. Langston" <mark(_at_)bitshift(_dot_)org>
>
> > Why is a good reputation hard to obtain?  Reputation is behavior-based,
> > and requires nothing on the part of the e-mail user, other than the
> > normal activity of sending mail, just as is done today.
>
> There are a couple of points that I'm not clear on then.  If a new user
> comes onto the internet and starts sending mail - how long does it take
> before his reputation is established?  And who writes the "rules" that
> decide what is "good behaviour"?



Both answers depend on the ultimate receiver of the mail, and the
reputation system they've implemented.

With GOSSiP, it takes as long as the mail administrator decides is
adequate to establish a good behavior baseline.  Could be 100 emails,
could be 10,000, or higher.  Note that "good reputation" and "bad
reputation" are not the only two categories.  There is the unknown
region that Meng describes nicely on the page I mentioned earlier.  That
unknown area just means, "proceed with caution -- I either don't have
enough data to declare this identity as having a good or poor
reputation, or their behavior is so inconsistent that their reputation
score hovers between the two." (GOSSiP has another parameter allowing
the system to distinguish between these two cases).

As to who determines what "good behavior" is, that's a very good
question.  Generally speaking, such standards are set by the community.
But this then raises the question: how is "community" defined?  In
GOSSiP, the standards are data fed from a spam filter such as
SpamAssassin, and the community is a hand-picked set of peers, and their
peers, and so on out to a preset limit, creating a social network from
which others' opinions may be gleaned (much like real life).

Ultimately, what is and is not good behavior is a personal decision.
Thankfully, many tend to associate with those who hold similar opinions,
thus their social circles loosely define a cluster of people who hold
similar beliefs about behavior, with enough variation thrown in to make
life interesting.  One may give more or less weight to each person's
opinion, and examine their opinion in light of their own experience and
beliefs.  This is true in life, and GOSSiP is an attempt to implement
this for email.

Obviously, if each mail recipient implements a different reputation
system, reputation gets marginalized because reputation is inherently a
shared metric; without sharing, reputation is based entirely on direct
personal experience.  While this can still be effective, it takes a long
time to establish a baseline for a given identity, and the problem of
novel identities is encountered with a frequency so high as to be
problematic.


What's needed with reputation systems isn't centralization, but
consistency and participation.


-- 
Mark C. Langston            GOSSiP Project          Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org   http://sufficiently-advanced.net   mark(_at_)seti(_dot_)org
Systems & Network Admin      Distributed               SETI Institute
http://bitshift.org       E-mail Reputation       http://www.seti.org
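
A minimal sketch of the scheme this message describes, added here as an illustration and not GOSSiP's actual algorithm or code: an administrator-chosen baseline, a three-way good/unknown/poor outcome where "unknown" says why, and peers' opinions pooled out to a preset hop limit. The names, the thresholds, the ham-fraction score and the trust-times-distance discount are all assumptions.

```python
# Added illustration; not GOSSiP's algorithm. Names and thresholds are assumptions.
from dataclasses import dataclass

@dataclass
class Counts:
    ham: float = 0.0   # messages the spam filter passed
    spam: float = 0.0  # messages the spam filter flagged

    @property
    def total(self):
        return self.ham + self.spam

def pool(local, peer_reports, max_hops=2, decay=0.5):
    """Merge local counts with peers' counts, discounted by trust and distance.

    peer_reports: iterable of (hops, trust, Counts); hops=1 is a direct peer.
    Reports beyond max_hops are ignored (the preset limit of the network).
    """
    ham, spam = local.ham, local.spam
    for hops, trust, c in peer_reports:
        if 1 <= hops <= max_hops and 0.0 <= trust <= 1.0:
            w = trust * decay ** (hops - 1)
            ham += w * c.ham
            spam += w * c.spam
    return Counts(ham, spam)

def classify(c, baseline=100, good=0.9, poor=0.3):
    """Return (category, reason); 'unknown' carries why it is unknown."""
    if c.total < baseline:
        return ("unknown", "insufficient data")
    score = c.ham / c.total
    if score >= good:
        return ("good", None)
    if score <= poor:
        return ("poor", None)
    return ("unknown", "inconsistent behavior")

# Constructed sample data: a sender this site has seen only 10 times.
LOCAL = Counts(ham=10, spam=0)
PEERS = [(1, 0.8, Counts(ham=400, spam=5)),    # trusted direct peer
         (2, 0.5, Counts(ham=200, spam=20)),   # peer of a peer
         (3, 1.0, Counts(ham=0, spam=9999))]   # beyond the hop limit: ignored

if __name__ == "__main__":
    print(classify(LOCAL))                      # local experience only
    print(classify(pool(LOCAL, PEERS)))         # with shared opinions
    print(classify(Counts(ham=300, spam=200)))  # plenty of data, mixed behavior
```

With only local experience the new sender stays in the unknown region until the baseline is reached; pooling the peers' counts is what lets a verdict be reached sooner.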

