[milters] Archive

Article: 262
From: Kristin Zhivago
Date: 2004-11-28 22:54:35 -0500
Subject: Re: milter-mole

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Seems like we should write a white paper on the emergence of "factual" 
reputation systems.
kz

At 01:39 PM 11/28/2004, you wrote:

Hi Jeff,

SNMPTrap potentially has security / anti-spoof benefits over the SIQ
protocol *for the purpose of sending data which will be used as facts
to score domains, ips or domain+ip pairs.* It was just a wild
suggestion and I don't think it (SNMPTrap) panned out. We are not
presently concerned with how to collect trustable data from inbound
servers / recipients.

The SIQ protocol is optimized for speed, and once we determined there
is no requirement to be able to trust the data the SIQ "reputation"
server receives - people spoofing queries is not an important issue.
They can spoof all they want - they are the only user of the response
they get back, and the queries they send are not used as input to the
"reputation" system.

Vitalij's milter-mole seems much more like GOSSIP to me - but in V's
suggestion - many trusted reporting nodes send data to a central server
and apparently the mole also signals 'we thought this was bad' or maybe
even 'we thought this was good'

The SIQ protocol "reputation" service I operate doesn't use judgements
from any source in determining scores. It (the Outbound Index) is based
on facts about the domain, ip, domain+ip, nameservers and related
criteria. The Outbound Index facts are about longevity and stability -
how long has the domain, or name server, or IP been around / assigned
to this usage - showing a pattern of wildly varying "customers" /
forgeries vs dull stolid consistency of most legitimate senders, also
whether identity is obvious or concealed.

The "security" factors are also part of the Outbound Index structure -
for example, a free webmail that requires zero verification of identity
to sign up - and has no rate limiting - has a lower security rating
than a bank with tight policies - no one but their own employees have
access to their outbound server, and their employees are required to
use port 587 submission for any mail sent with the bank domain.

I don't like the term reputation - because it may be taken to be
subjective judgements or conjure up visions of "samples of spam" used
to justify blacklists, or some geek like me deciding whether or not
recipients get to see ads for di-et patches or V or C or p o rn or
whatever. But "reputation" seems to be the term we are stuck with. The
way we use the Outbound Index is all pre-DATA so there is certainly no
censorship.

Thank you,

- April



 > From my reading of both Vitalij's email above and the discussion on
 > the wiki that you provided, I think that both are basically barking
 > up the same tree.
 >
 > As an additional question generated by my reading, what were the
 > benefits of using SNMPTrap over the current DNSBL arrangement?
 >
 > Thanks,
 >
 > Jeff G.

 >>>milter-mole: This
 >>>module will post periodically on the central server of address of
 >>>ip and e-mail sender and destination address in case if a sender or
 >>>recipient is not improper. In case if ip or e-mail sender or e-mail
 >>>recipient often repeat oneself at all participants on the amount of
 >>>voices to block an ip and e-mail sender. And also I ask to consider
 >>>possibility of creation of support sql (mysql) for the local use in
 >>>the personal aims.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Kristin Zhivago                       kristin@zhivago.com
Revenue Coach for Company Leaders
Editor, Revenue Journal           - for CEOs
Editor, Marketing Technology   - for marketers
President, Zhivago Marketing Partners, Inc.
381 Seaside Drive  Jamestown RI 02835
tel 401-423-2400  fax 401-423-2700
http://www.zhivago.com
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Author of the new book, published by Smokin' Donut Books:

"Rivers of Revenue: What to do when the money stops flowing."

see http://www.RiversofRevenueBook.com

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

