Re: How to use SPF to reject spam
2005-04-06 06:33:40
David MacQuigg wrote:
Radu,
Nice work. This looks something like
http://www.mipassoc.org/csv/draft-ietf-marid-csv-dna-02.html
Thanks, but I see no similarities between the draft above and the
reputation system that I envision.
The main difference is that the csv-dna method relies on the domain to
register somewhere, and then provide the path to the appropriate
clearing server.
With my system, the reputation is created automatically using the
following chain:
SPF_authenticated_message_"PASS" + Score_for_Spam_Filter -> Spam Filter
-> statistical_database -> Score_for_Spam_Filter
It's just a simple closed feedback loop system. No need to register
anywhere.
The reputation services's main reason for existance is to save the
trouble and expense of running the statstical database locally, which
will get large quickly. It would be more like a statistics cache then a
proper accreditation system, but with one caveat, that cache-writes only
happen based on input from one/several reputable mail operators.
Anyway, the main item that I wanted to point out is how the SPAM
decision loop should operate when SPF input is added to the mix.
I've been assuming that the second part of the spam problem (reputation)
will be solved quite easily in a number of ways, by companies that will
make lots of money doing it, once the first part (authentication) is
done right, so I haven't paid much attention to the details of these
proposals.
There may be more ways to deal with the second part, but it's worthwhile
to keep the big picture in mind when working on SPF, in order to avoid
design constraints that will hinder the second part of the solution.
For instance, as I have shown, the information in the statistical
database will be much more valuable than the SPF records themselves (ie,
for heavy spammers, the decision to reject is based exlusively on the
database, and the likelyhood of a legit mail being allowed by the filter
also depends on the score which is calculated from the database's
records, and confirmed as valid by checking SPF for 'PASS). The SPF
records of everyone but the established spammers will still be evaluated.
Anyway, if that be the case, that the stats be more valuable than SPF, I
think it trully makes sense to minimize the cost of SPF. I would like to
see your one-query goal become a reality, even though I am a little
skeptic about its feasibility.
Radu.
|
|