spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How to use SPF to reject spam

2005-04-06 06:33:40
from [Radu Hociung] [Permanent Link] 
David MacQuigg wrote:

Radu,
Nice work. This looks something like http://www.mipassoc.org/csv/draft-ietf-marid-csv-dna-02.html
Thanks, but I see no similarities between the draft above and the reputation system that I envision.
The main difference is that the csv-dna method relies on the domain to register somewhere, and then provide the path to the appropriate clearing server.
With my system, the reputation is created automatically using the following chain:
SPF_authenticated_message_"PASS" + Score_for_Spam_Filter -> Spam Filter -> statistical_database -> Score_for_Spam_Filter
It's just a simple closed feedback loop system. No need to register anywhere.
The reputation services's main reason for existance is to save the trouble and expense of running the statstical database locally, which will get large quickly. It would be more like a statistics cache then a proper accreditation system, but with one caveat, that cache-writes only happen based on input from one/several reputable mail operators.
Anyway, the main item that I wanted to point out is how the SPAM decision loop should operate when SPF input is added to the mix.
I've been assuming that the second part of the spam problem (reputation) will be solved quite easily in a number of ways, by companies that will make lots of money doing it, once the first part (authentication) is done right, so I haven't paid much attention to the details of these proposals.
There may be more ways to deal with the second part, but it's worthwhile to keep the big picture in mind when working on SPF, in order to avoid design constraints that will hinder the second part of the solution.
For instance, as I have shown, the information in the statistical database will be much more valuable than the SPF records themselves (ie, for heavy spammers, the decision to reject is based exlusively on the database, and the likelyhood of a legit mail being allowed by the filter also depends on the score which is calculated from the database's records, and confirmed as valid by checking SPF for 'PASS). The SPF records of everyone but the established spammers will still be evaluated.
Anyway, if that be the case, that the stats be more valuable than SPF, I think it trully makes sense to minimize the cost of SPF. I would like to see your one-query goal become a reality, even though I am a little skeptic about its feasibility. 

Radu.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How to use SPF to reject spam, Commerco WebMaster
Next by Date:  Re: How to use SPF to reject spam, Stuart D. Gathman
Previous by Thread:  Re: How to use SPF to reject spam, David MacQuigg
Next by Thread:  Re: How to use SPF to reject spam, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]