
Re: [Asrg] Reputation-based systems



On Fri, Sep 17, 2004 at 05:21:22PM +0100, Tim Bedding wrote:
> Florian
> 
> > These reputation-based systems have two significant problems: Its
> > participants can suddenly start sending vast amounts of spam, and it
> > hasn't to be their fault, really.  Maybe a hard-to-fix weakness in the
> > account generation procedure is exploited, or a software company has
> > distributed software with an easily exploited defect to a lot of
> > customers.  I'm not sure if you want to penalize such incidents, and
> > how you can still kick out the real non-compliers.
> 
> Surely, it is not beyond the wit of man to design a system that
> monitors email sending and triggers a suspension when something
> suspicious occurs. Then an ISP or other body could be in good
> standing.
> 

Sounds like time for a plug. ;)

I've been very quiet lately, because I've been killing myself trying to
finish an initial release of GOSSiP.  GOSSiP does more-or-less exactly
this:  It observes behavior, it rates behavior, it shares ratings with
others, it obtains ratings from others, and it also observes the
behavior of those sharing ratings.

Unlike commercial solutions, it's free (as in speech).  It's also free
as in beer for use -- no money changes hands, so there's no motivation
to bias results.  Even if results are biased, the checks and balances
built into the project allow those trying to cheat to be detected
quickly and marginalized.

I made the mistake the other day of mentioning a specific date for a
specific release event, which -- as always happens with such things --
came and went without the release event occurring.  However, I'm close
to a first release.  There's a working Postfix policy agent, written in
C, that communicates with a GOSSiP node via SSL.  There's a working
GOSSiP node, sans the peer communication code, which I'll be adding just
as soon as I finish hacking around an OpenSSL limitation I'm dealing
with.  There's a working feedback agent that automatically forwards the
spam rating from SpamAssassin to a GOSSiP node, also via SSL.

The main delay at this point is trying to add non-SSL functionality in
such a way that it won't require a major code rewrite, nor a major
architectural change.

As it now stands, it's an excellent standalone tool for tracking
reputation for incoming email; I've quickly built a database of several
tens of thousands of unique identities (in GOSSiP, an identity is the
connecting IP plus the RHS of the RFC2821 MAIL FROM: address), with a
history of spam/ham behavior, and a reputation score based on a
sigmoidal function.  The system also currently aggregates identities
when SPF is advertised for the domain part of the ID, allowing for
a single reputation across all senders associated with the SPF record
(which has come in surprisingly useful for catching spammers).

The URL's in my signature, and I could really use some active
programming contributions, if anyone's interested.
-- 
Mark C. Langston            GOSSiP Project          Sr. Unix SysAdmin
mark at bitshift.org   http://sufficiently-advanced.net    mark at seti.org
Systems & Network Admin      Distributed               SETI Institute
http://bitshift.org       E-mail Reputation       http://www.seti.org

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
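
Added example, not part of the message above and not GOSSiP code: a sketch of the identity keying, spam/ham history, sigmoidal score and SPF aggregation the message describes. The logistic formula, STEEPNESS, the SPF network table and all names are assumptions; aggregation is applied only to IPs the SPF record covers.

```python
import ipaddress
import math
from collections import defaultdict

STEEPNESS = 0.5  # assumed logistic steepness; the post gives no formula

# Constructed sample data: networks each domain's SPF record authorizes.
SPF_NETWORKS = {"example.com": ["192.0.2.0/24"]}


class ReputationStore:
    def __init__(self, spf_networks):
        self.spf = {d: [ipaddress.ip_network(n) for n in nets]
                    for d, nets in spf_networks.items()}
        self.history = defaultdict(lambda: {"ham": 0, "spam": 0})

    def identity(self, client_ip, mail_from):
        """Connecting IP plus RHS of MAIL FROM, collapsed per SPF domain."""
        _, at, domain = mail_from.strip().strip("<>").rpartition("@")
        domain = domain.lower().rstrip(".") if at else ""  # "" for null sender <>
        ip = ipaddress.ip_address(client_ip)
        # Aggregate only when this IP is covered by the domain's SPF record, so
        # a forged MAIL FROM cannot borrow or damage the domain-wide reputation.
        if any(ip in net for net in self.spf.get(domain, [])):
            return ("spf", domain)
        return (str(ip), domain)

    def observe(self, client_ip, mail_from, is_spam):
        ident = self.identity(client_ip, mail_from)
        self.history[ident]["spam" if is_spam else "ham"] += 1
        return ident

    def score(self, ident):
        """Logistic of (ham - spam): 0.5 is unknown, near 0 is a spam source."""
        h = self.history.get(ident, {"ham": 0, "spam": 0})
        # tanh form of the logistic function; cannot overflow on long histories.
        return 0.5 * (1.0 + math.tanh(STEEPNESS * (h["ham"] - h["spam"]) / 2.0))


def demo():
    store = ReputationStore(SPF_NETWORKS)
    events = [  # constructed (client IP, MAIL FROM, SpamAssassin said spam?)
        ("192.0.2.10", "<a@example.com>", True),
        ("192.0.2.20", "<b@example.com>", True),
        ("192.0.2.30", "<c@Example.COM>", True),
        ("198.51.100.7", "<x@example.com>", False),  # outside the SPF range
        ("203.0.113.5", "<u@example.org>", False),
    ]
    for ip, sender, is_spam in events:
        store.observe(ip, sender, is_spam)
    return store
```

Calling demo() leaves the three SPF-covered senders sharing one low score, while the out-of-range host claiming the same domain keeps its own per-IP history.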