[linux-elitists] Re: MCI boots send-safe (Register) -- adds a net of 11 more spam hosts
Wed Mar 9 08:01:18 PST 2005
On Tue, 2005-03-08 at 18:59, Don Marti wrote:
> > Get a real reputation system. They're actually easy to build, it's the
> > promotion and deployment that are hard.
> Exactly. That's the reason to use one that's
> pre-promoted and pre-deployed for you, and that you're
> going to try to score high on anyway. And Google
> even measures the right kind of reputation --
> "writes something worth reading" reputation.
By "real reputation system", I mean one that:
* Does not rely on IP addresses (they are too ephemeral and not
* Is cryptographically secure (no replay attacks, limited
man-in-the-middle, limited known plaintext attacks, etc).
* Provides portable reputation (can move it from site A to site B)
* Provides inheritable reputation (can "vouch" for others'
80% of this exists already and is called SMTP/TLS. All you need is the
bit that actually TRACKS certs and behavior.
Of course, then comes the hard part: you need to convince at least two
major players to start using the system to generate enough positive buzz
to get it off the ground. The idea here is that as it gains momentum,
you can reasonably start cranking up the noise filter on zero-rep mail.
That is, if you don't even present an identity, you get shunted into a
system that uses blacklists heavily, and scores spam with liberal
harshness, since you aren't AS worried about false positives (those who
want to play ball can get around those stricter measures).
This resolves all of my negative feelings, for example, surrounding
blacklists that list dynamic IPs. Heck, list me all you like, just
accept the connection far enough to see if I step up to TLS and present
a valid certificate. If I don't you boot me before I even send a header
because I'm on a dynamic IP. That's cool.
If I do send a valid cert, then you check that against your reputation
database (piggybacked on DNS? or is this separate?) and determine that
I'm a good guy who had a spam problem about 3 years ago... sounds safe,
but better put him through SA just to be sure.
See? Nice and simple. No mess, no fuss.
PS: Note on the definition of "valid cert".... I'm not sure if you
should require that it be valid in the sense of having a known root CA.
After all, you can generate all the certs you like, but they'll all have
bad (or at best, no) reps. This presents a limited DoS capability, but I
think that could be resolved by expiring old certs from the database
that had little activity in the past, and had been inactive for a
configurable period of time.
PPS: If Linux-E is going to reject mail that is to a person and CCed to
the list, then why isn't there a Reply-To header by default? It's really
annoying having to change the recipients every time I reply to a Linux-E
message or have the mail dropped on the floor by the list.
Aaron Sherman <email@example.com>
Senior Systems Engineer and Toolsmith
"It's the sound of a satellite saying, 'get me down!'" -Shriekback
More information about the linux-elitists