
Re: [Asrg] Collaborative real time spam blocking



On Fri, Oct 22, 2004 at 02:28:06PM -0400, Jim Whitescarver wrote:
> Greetings,
> 
> I do not know if this is the correct forum to address this issue.  
> Please let me know if these issues are being addressed elsewhere.  What 
> I am seeking is a means for coordinating a grass roots trust network for 
> aggressive dynamic blocking of spammer IP addresses.    While there are 
> many blacklists out there, they do not provide for mechanisms to 
> facilitate real time blocking.  Standards are needed for collaborative 
> blocking,  incident reporting and verification.  Spammers move too 
> quickly for traditional blacklisting approaches to be effective.


Have a look at GOSSiP (http://www.sufficiently-advanced.net/ ).  It's a
massively-distributed, peer-to-peer email reputation system.  It could,
in theory, do exactly this sort of thing.  However, I'd need to add some
fairly thoroughly-thought-through identity-aggregation and behavioral
pattern analysis/identification to get it all the way to where you'd
want it to be.

As a quick kludge, you could probably examine all 0 reputation, 0
confidence incoming mail and simply pattern-match GOSSiP ID elements
against other 0/0 identities in the database.  If the total mailcount
from a given identity is, say, <10 (or anything you wish), it's all
tagged as being spam, and the ID is a partial match to other IDs with
similar characteristics, there are assumptions you could make before the
mail is accepted for delivery.  

Since GOSSiP's basically a social network (in the "social network
theory" sense), you'd also have regional variations because of the
scale-free nature of such nets.  The "relay nodes" described at the end
of the spec on the website would allow visibility into these regional
variations, just as "social hubs" act as bridges between otherwise
diverse social groups.

-- 
Mark C. Langston            GOSSiP Project          Sr. Unix SysAdmin
mark at bitshift.org   http://sufficiently-advanced.net    mark at seti.org
Systems & Network Admin      Distributed               SETI Institute
http://bitshift.org       E-mail Reputation       http://www.seti.org

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
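
The "quick kludge" from the reply above, as an added example that is not part of the original post and is not GOSSiP code. The record layout, the three ID elements, the thresholds (`max_mail`, `min_shared`, `min_peers`) and the `suspect`/`no-signal` labels are all assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    elements: tuple      # assumed ID elements: (sender domain, HELO name, source /24)
    reputation: float
    confidence: float
    mailcount: int       # total mail seen from this identity
    spam_tagged: int     # how many of those messages were tagged as spam

def is_unknown(ident):
    """A 0 reputation, 0 confidence identity: nothing is known about it yet."""
    return ident.reputation == 0 and ident.confidence == 0

def shared_elements(a, b):
    """Count ID elements that are equal position by position."""
    return sum(1 for x, y in zip(a.elements, b.elements) if x == y)

def suspicious_peers(incoming, database, max_mail=10, min_shared=2):
    """0/0 identities that partially match `incoming`, sent fewer than
    `max_mail` messages, and had every one of them tagged as spam."""
    if not is_unknown(incoming):
        return []
    return [k for k in database
            if is_unknown(k)
            and k.elements != incoming.elements      # partial match, not the same ID
            and 0 < k.mailcount < max_mail
            and k.spam_tagged == k.mailcount
            and shared_elements(incoming, k) >= min_shared]

def pre_delivery_hint(incoming, database, min_peers=2):
    """'suspect' when enough throwaway look-alikes exist, else 'no-signal'."""
    peers = suspicious_peers(incoming, database, min_shared=2)
    return "suspect" if len(peers) >= min_peers else "no-signal"

# Constructed sample database (documentation domains and address ranges).
DB = [
    Identity(("bulk.example", "mx1.bulk.example", "192.0.2.0/24"), 0, 0, 4, 4),
    Identity(("bulk.example", "mx7.bulk.example", "192.0.2.0/24"), 0, 0, 3, 3),
    Identity(("bulk.example", "mx9.bulk.example", "192.0.2.0/24"), 0, 0, 50, 50),
    Identity(("corp.example", "mail.corp.example", "198.51.100.0/24"), 0.9, 0.8, 500, 1),
    Identity(("new.example", "mail.new.example", "203.0.113.0/24"), 0, 0, 2, 0),
]
NEW_BULK = Identity(("bulk.example", "mx3.bulk.example", "192.0.2.0/24"), 0, 0, 0, 0)
NEW_QUIET = Identity(("new.example", "mail2.new.example", "203.0.113.0/24"), 0, 0, 0, 0)
```

The hint is only an input to a pre-delivery decision; an identity that already has non-zero reputation or confidence is never judged by this check.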