spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Good Domain List one step closer to reality (actually two steps)

2004-08-14 09:44:39
from [Mark C. Langston] [Permanent Link] 
On Sat, Aug 14, 2004 at 04:06:54PM +0200, jpinkerton wrote:

From: "Koen Martens" <spf(_at_)metro(_dot_)cx>

On Fri, Aug 13, 2004 at 01:20:46PM -0700, Mark C. Langston wrote:

With GOSSiP, the it takes as long as the mail administrator decides is
adequate to establish a good behavior baseline.  Could be 100 emails,
could be 10,000, or higher.  Note that "good reputation" and "bad
reputation" are not the only two categories.  There is the unknown
region that Meng describes nicely on the page I mentioned earlier.  That
unknown area just means, "proceed with caution -- I either don't have
enough data to declare this identity as having a good or poor
reputation, or their behavior is so inconsistent that their reputation
score hovers between the two." (GOSSiP has another parameter allowing
the system to distinguish between these two cases).


So, accredition means paying big bucks, something only larger companies
can do. Reputation means sending out lots and lots of mails, again
something only big companies do. Again, the smaller companies are
screwed. Great.

I'm a smaller company and I'd be happy with a solution something like GOSSiP
because it *does* have an in-between response which will cover folks who
don't send a lot of mail.  Maybe we need another category of response
saying -  "This domain has sent less than 100 mails so we can't decide yet
if they're good guys or bad, and you should proceed with caution" - or
something like that.





GOSSiP has this exact mechanism.  If there's not enough history for an
identity to make a decision, it simply responds with something
equivalent to "I don't know enough to make a decision", which is in
essence a NOP from GOSSiP -- your mail may still be filtered, but not by
GOSSiP; some other filter down the line (spam filter? something else
unrelated to GOSSiP) may decline your email, but GOSSiP wouldn't.  Not
until a history has been built that allows the system to determine your
reputation with some degree of confidence.

Unlike many proposals these days, GOSSiP does not assume "guilty until
proven innocent".

-- 
Mark C. Langston            GOSSiP Project          Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org   http://sufficiently-advanced.net    
mark(_at_)seti(_dot_)org
Systems & Network Admin      Distributed               SETI Institute
http://bitshift.org       E-mail Reputation       http://www.seti.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Testing?, guy
Next by Date:  Re: Authentication, Accreditation, and Reputation, Mark C. Langston
Previous by Thread:  Re: Good Domain List one step closer to reality (actually two steps), Greg Wooledge
Next by Thread:  Re: Good Domain List one step closer to reality (actually two steps), Jonathan Gardner
Indexes:  [Date] [Thread] [Top] [All Lists]