[linux-elitists] Spam filters
mpalmer at hezmatt.org
Thu Mar 26 17:19:31 PDT 2009
On Thu, Mar 26, 2009 at 06:53:41PM -0400, Bob Bernstein wrote:
> On Thu, 26 Mar 2009, Gerald Oskoboiny wrote:
>>> Hiding isn't an anti-spam panacea but, wonderfully enlightening
>>> discussions of anti-spam flavor-of-the-month aside, what is?
>> Reputation systems.
> Are whitelists properly thought of as "reputation systems?" Or are they,
> perhaps, the dinosaurs of that family tree?
Theoretically, a whitelist is just a binary-valued reputation system
-- either you're trusted, or you're not. Practically, they're almost
universally implemented in a spectacularly stupid way (Challenge Response),
or aren't particularly useful in practice due to the need for regular
maintenance by anyone who uses e-mail in any meaningful manner.
The difficulty, in my eyes, for a working global reputation system is
identity. If you can just dump a bad identity, then it's no barrier to a
spammer. If you start a new identity at "Evil Spammer" and need to "level
up" from there, then bootstrapping is a pain.
The closest to a functioning reputation system we've got appears to be based
around IP addresses, which are the best identifier available in the SMTP
transaction. It's still a spectacularly bad one, though, as it doesn't
actually identify the originating actor, both through the "owner" of an IP
address changing over time, and multiple users sharing an IP address.
More information about the linux-elitists