Maybe the information should not be a binary black/white, but a probability/confidence value? "Mail from that IP is spam with a probability of 99%" or something like that? For most IPs this will usually be close to 0% or 100%, but it should be somewhere in between if there are too few samples, or if the host is transitioning from bad to good or vice versa.
(I have to look a GOSSiP again - I think that was quite similar)
You're right, as I remember, Mark Langston's GOSSiP responded to queries with a reputation score (and an associated confidence rating - did this get done?).
Sender domains/addresses are currently completely useless as trustable entities.
On their own, perhaps. GOSSiP proposed a domain / IP duple as the reputation identity, by which I guess some of the issues with "granularity"
were (might be) avoided. There were also schemes to amalgamate entities for
scoring purposes - perhaps by ref. to "authorisation" mechanisms such as
SPF.
Actually, I really liked the ideas behind GOSSiP - particularly the way trust between nodes might be established informally (or not), and then modulated dynamically (without human intervention) would have been neat (I don't know how far that got).
[1] http://gossip-project.sourceforge.net/ [2] http://hcpnet.free.fr/milter-greylist/
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg