Stuart D. Gathman wrote:
> On Wed, 6 Apr 2005, Radu Hociung wrote:
>> Thanks, but I see no similarities between the draft above and the
>> reputation system that I envision.
>
> You will find more similarities with the GOSSiP system.
> Differences:
>  o When there is no SPF PASS, GOSSiP tracks reputation
>    by IP address instead of SPF result.
>  o GOSSiP lets MTAs query "neighbor" MTAs to share reputation info.

Ah, I see. I haven't looked at it, so my objection may be unfounded, but
it looks like there would be scalability challenges with this method. With
2^32 IPv4 and 2^128 IPv6 domains, it would be interesting to see how they
go about it. I'll look into it.

Using the PASS-ed domain names means that the database would only get as
large as the currently active domain name space (i.e., only
paid/registered domains will be included) + 4 for the global counters.

Of course this DB has the challenge of a spammer who uses a fake
subdomain name, and a wildcard "v=spf1 +all" record, or an equivalent
(v=spf1 +ip4:127.0.0.1/1 +ip4:128.0.0.1/1 -all)
Then they could use {rnd}.spamdomain.com
This will be a challenge. However, the registrar and DNS host of the
spammer domain would charge a lot of money to host the zone, as there
will be many uncacheable queries to the authoritative servers.
If the content-based filters allow 1 in 100,000 of these spam messages,
and the success rate (actual sales) is 1 in 1,000, you have about 100
million DNS queries for one sale. This will cost a few dollars, but
likely the offender's registrar will pull the plug, due to violated
agreement. So the SPF record goes away together with the domain.
If they don't pull the plug, IANA will probably revoke the registrar's
license, as their activities place a huge load on the root servers, and
do not benefit the Internet. This would be after they establish a
reputation of being spammer-friendly.
Radu
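
The message above gives two SPF records that pass every sender: a literal "+all" and a pair of /1 ranges. As an added example (not part of the original message or of any SPF or GOSSiP code), this sketch measures how much of IPv4 a record authorizes, so a reputation database keyed on PASS-ed domains can recognize such records; the function names and the 0.5 threshold are assumptions.

```python
import ipaddress

def ipv4_pass_fraction(record):
    """Fraction of IPv4 space that gets SPF PASS from 'all' and 'ip4' terms.

    Terms are evaluated left to right, first match wins. Mechanisms that need
    DNS (a, mx, include, ...) and modifiers are skipped in this sketch.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    unmatched = [ipaddress.ip_network("0.0.0.0/0")]  # space no term has claimed yet
    passed = 0
    for term in terms[1:]:
        qualifier = "+"                               # default qualifier is PASS
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            matched, unmatched = unmatched, []
        elif name.lower() == "ip4":
            net = ipaddress.ip_network(arg, strict=False)  # 127.0.0.1/1 -> 0.0.0.0/1
            matched, rest = [], []
            for block in unmatched:
                if block.subnet_of(net):
                    matched.append(block)
                elif net.subnet_of(block):
                    matched.append(net)
                    rest.extend(block.address_exclude(net))
                else:
                    rest.append(block)
            unmatched = rest
        else:
            continue
        if qualifier == "+":
            passed += sum(b.num_addresses for b in matched)
    return passed / 2**32

def is_effectively_open(record, threshold=0.5):
    """True when the record passes more than `threshold` of IPv4 (assumed cutoff)."""
    return ipv4_pass_fraction(record) > threshold

# Constructed samples: the two records from the message plus an ordinary one.
SAMPLES = ["v=spf1 +all",
           "v=spf1 +ip4:127.0.0.1/1 +ip4:128.0.0.1/1 -all",
           "v=spf1 ip4:192.0.2.0/24 -all"]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(f"{ipv4_pass_fraction(rec):.6f}  open={is_effectively_open(rec)}  {rec}")
```
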