spf-discuss

RE: Sub domains

2004-08-19 11:39:54
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Mark 
C. Langston
Sent: Thursday, August 19, 2004 2:23 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Sub domains


On Thu, Aug 19, 2004 at 08:18:00PM +0200, Koen Martens wrote:

I guess this means a.example.com is just screwed if b.example.com
misbehaves..


Not at all.  Take the following example, straight from GOSSiP:

Assume a ham-sender connects from <some IP>, using the address
foo@a.example.com.

Assume a spammer connects from <the same IP>, using the address
bar@b.example.com.

In GOSSiP, the identity for the hammer is a.example.com:<IP>.  The
identity for the spammer is b.example.com:<IP>.

Two separate identities, two separate reputations.

There has been discussion in the past few days about data aggregation
across identities, but I think everyone agrees that there may be as many
dangers as benefits to such aggregation.  Therefore, there won't be any
such aggregation in the initial release, and if and when that
aggregation is added, it will require significant testing to ensure the
good doesn't get lumped in with the bad.

OK,

So being the smart spammer, I register spammyexample.com, but am careful to
never send spam from that domain.

First I send from a.spammyexample.com until it gets a bad reputation, then I
send from b.spammyexample.com until it gets a bad reputation, and then I
send from c.spammyexample.com until it gets a bad reputation, etc.  Now if
you add in checking the reputation of the higher level domain
(spammyexample.com), I just spend some time sending ham from that domain
(while I spam from others because I plan ahead) and I still don't see how
you can avoid aggregation.

The tricky part, I think, is deciding where to draw the line of
responsibility.  For common US TLDs it's pretty easy (usually at the second
level), but for country TLDs it's going to be more complex.  Don't think
you're going to be that effective until you deal with this issue somehow.

Perhaps you need to look at each level as an aggregate and then see if there
are sub-domains that are at significant variance.  If the aggregate was
spammy, then a new sub-domain at that or a lower level would start out with
a somewhat negative reputation that would have to be overcome and if the
aggregate was hammy, it would start out somewhat positive.

Scott Kitterman
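
The aggregate-as-starting-reputation idea from the last paragraph of the message above, as an added example (not part of the original post and not GOSSiP's code). The suffix set, the 0.5 prior weight, the scoring formula and every name here are assumptions; the traffic is constructed.

```python
from collections import defaultdict

# Constructed stand-in for a real suffix list: names a registry, not a sender, controls.
SUFFIXES = {"com", "uk", "co.uk"}
PRIOR_WEIGHT = 0.5  # assumed: fraction of the parent aggregate a name inherits

def levels(domain):
    """Return the domain and its ancestors, stopping below the registry suffix."""
    labels = domain.lower().rstrip(".").split(".")
    out = []
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in SUFFIXES:
            break
        out.append(name)
    return out or [".".join(labels)]

def ratio(ham, spam):
    """Map counts to -1.0 (all spam) .. +1.0 (all ham); 0.0 when unknown."""
    total = ham + spam
    return 0.0 if total == 0 else (ham - spam) / total

class Reputation:
    def __init__(self):
        self.own = defaultdict(lambda: [0, 0])  # (name, ip) -> [ham, spam]
        self.agg = defaultdict(lambda: [0, 0])  # name -> [ham, spam] at or below it

    def report(self, domain, ip, spam):
        names = levels(domain)
        self.own[(names[0], ip)][int(spam)] += 1
        for name in names:  # roll the observation up to every enclosing level
            self.agg[name][int(spam)] += 1

    def score(self, domain, ip):
        names = levels(domain)
        ham, spam = self.own.get((names[0], ip), (0, 0))
        parent = names[1] if len(names) > 1 else names[0]
        prior = PRIOR_WEIGHT * ratio(*self.agg.get(parent, (0, 0)))
        n = ham + spam
        # The prior weighs as one observation, so own evidence can overcome it.
        return (prior + n * ratio(ham, spam)) / (1 + n)

def demo():
    """Constructed traffic: three burned sub-domains plus ham from the apex."""
    r = Reputation()
    for sub in "abc":
        for _ in range(20):
            r.report(f"{sub}.spammyexample.com", "192.0.2.1", spam=True)
    for _ in range(10):
        r.report("spammyexample.com", "192.0.2.1", spam=False)
    return r
```

With this traffic, a never-seen d.spammyexample.com scores below zero on first contact even though the apex itself has only sent ham, while a sub-domain that accumulates its own ham record climbs back above zero.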

