[linux-elitists] Spam filters

Matthew Palmer mpalmer at hezmatt.org
Thu Mar 26 22:15:05 PDT 2009


[What happened to "No Cc'ing linux-elitists"?]

On Thu, Mar 26, 2009 at 05:48:43PM -0700, Tony Godshall wrote:
> On Thu, Mar 26, 2009 at 5:19 PM, Matthew Palmer <mpalmer at hezmatt.org> wrote:
> > On Thu, Mar 26, 2009 at 06:53:41PM -0400, Bob Bernstein wrote:
> >> On Thu, 26 Mar 2009, Gerald Oskoboiny wrote:
> >>
> >>>> Hiding isn't an anti-spam panacea but, wonderfully enlightening
> >>>> discussions of anti-spam flavor-of-the-month aside, what is?
> >>>
> >>> Reputation systems.
> >>
> >> Are whitelists properly thought of as "reputation systems?" Or are they,
> >> perhaps, the dinosaurs of that family tree?
> >
> > Theoretically, a whitelist is just a binary-valued reputation system
> > -- either you're trusted, or you're not.  Practically, they're almost
> > universally implemented in a spectacularly stupid way (Challenge Response),
> > or aren't particularly useful in practice due to the need for regular
> > maintenance by anyone who uses e-mail in any meaningful manner.
> >
> > The difficulty, in my eyes, for a working global reputation system is
> > identity.  If you can just dump a bad identity, then it's no barrier to a
> > spammer.  If you start a new identity at "Evil Spammer" and need to "level
> > up" from there, then bootstrapping is a pain.
> >
> > The closest to a functioning reputation system we've got appears to be based
> > around IP addresses, which are the best identifier available in the SMTP
> > transaction.  It's still a spectacularly bad one, though, as it doesn't
> > actually identify the originating actor, both through the "owner" of an IP
> > address changing over time, and multiple users sharing an IP address.
> 
> Actually, then, what we have is a three-tier, not binary, system:

My "binary" comment was in relation to whitelists (presumably by sender
e-mail address), not generalised reputation-based systems.

> 1. good addrs (static, non-dyn DNS)
> 
> 2. dhcp/rotating addrs (e.g. comcast)
> 
> 3. known (blacklisted) spammers
> 
> And you could argue that there are sub-tiers among 2, as some IP
> blocks are administered with more tolerance than others.  Many ISPs
> block outgoing port 25, for example, except to their own servers.

You can draw up all sorts of classification systems for IP addresses and
ranges, sure.  What's your end-game, though?

- Matt

