Arvel Hathcock | 19 Jan 20:43

Reputation assignment

In addition to the discussion on lookup conventions there is the problem 
of determining the mechanism for how a reputation service is to compute 
a reputation.  What are the inputs and mechanisms for acquiring and 
assessing those inputs that would allow a service to quantify 
reputation?  What is the formula for doing so?

It seems that one could code a server using SIQ and an SQL database 
fairly easily - but by what mechanism is the reputation score in that 
database supposed to be derived?  This seems to me to be a very 
difficult problem.

-- 
Arvel Hathcock
CEO, Alt-N Technologies
http://www.altn.com

-----------------------------------------------------------------
MDaemon 9.0 is coming!  Superior multi-threaded IMAP, AntiVirus,
and AntiSpam performance, Active Directory monitoring, integrated
free/busy server, integrated SyncML server, plus so much more.
-----------------------------------------------------------------

Arvel Hathcock | 11 Jan 03:41

Intro

Hi all.

John asked me to send a brief intro as I'm new to this list although I 
see several friends here as well.

My name is Arvel Hathcock and I'm a person interested in protecting my 
life's work (electronic mail) from the scourge of spammers and phishers.
Although my work isn't anything to match the likes of John or many
others (I note Dave Crocker's presence here), I have been programming,
building, and selling mail servers and list exploder software through my 
company, Alt-N, for 10 years.

I'm an early adopter of DKIM and have deployed it in its current state 
to thousands of our customers.  It's risky I know since DKIM is still 
under development but I'm in a fortunate place in that my company is 
still small enough to react quickly and make fast changes and my 
customers are willing to trust me to make decisions of this nature for them.

What I'm often asked is "Ok, so you have DKIM in your software.  So what 
do you do with it?".  Honestly, the only things my software does with a 
DKIM result now is provide the option to reject the message if it fails 
to validate (or accept it and add to the spam score).  If it validates 
(and matches a white-list in the new version coming out) expensive 
heuristics down the processing chain will be skipped.  What's really 
needed is to input the validated domain into a reputation system of some 
kind.  Thus my interest in the discussions taking place here.

-- 
Arvel Hathcock
CEO, Alt-N Technologies

Nick Nicholas | 6 Jan 21:06

Re: Reputation semantics

On Thursday, January 05, 2006 at 9:22 PM John Levine wrote:

> A reputation system will look something up.  The input is a
> domain name, or maybe an e-mail address or an IP address.
> The output is, well, what?  A single bit saying yes or no
> (like the typical use of a DNSBL?)  A score?  Multiple
> scores?  A little essay on the merits and flaws of the
> reputee?
>
> I don't know what the answer is, but it seems hard to start
> to build these things if we don't even know what the inputs
> and outputs are.
>
> Perhaps a reasonable way to start would be to survey what
> existing systems like the various DNSBLs and SIQ do.

If what DNS*W*Ls do is of any interest, I can write about how the Habeas
Safelist operates.

For the sake of this discussion, let's assume that the receiver is not
keeping a local copy of the Habeas Safelist and is querying a Habeas
accreditation server.  The input is a reversed IP address.  If the IP
address of interest is 1.2.3.4, enter the following command:

host 4.3.2.1.accredit.habeas.com

If the IP address 1.2.3.4 is included on the Habeas Safelist, then the
accredit server returns a response such as the following:

4.3.2.1.accredit.habeas.com has address 127.0.0.20

John Levine | 6 Jan 06:28

Reputation lookup conventions

One of the things that has made DNSBLs so successful is that there is
a consistent interface to all of them.  That means if you use one and
decide you don't like it, switching to another involves only a change
to a config file, not code changes to your MTA.

What should the interface to a reputation system look like?  SIQ is OK
but it seems kind of special case, and its UDP round trip isn't
fundamentally any cheaper than a DNS round trip.

We all know how to use a DNSBL to map an IP address into either a
number (an A record) or a string (a TXT record) or both.  It's
straightforward to do the same thing with domain names as an rhsbl,
again returning a number or a string.  Is that adequate?  Are there
implementation problems?  (The abuse.net domain lookup makes every
name a wildcard that covers subdomains, easy enough to do with my
special purpose server, probably OK in BIND-ese at the cost of
doubling the size of the zone.)

If we're willing to make the leap to TCP, the obvious way to do a
lookup is HTTP, e.g. if the service is called virtuousness.org and
you want to look up its opinion about sleazy.biz, do an HTTP lookup
on http://virtuous.org/sleazy.biz and you get back the usual HTTP
MIME package.  Seems like overkill to me but who knows, it might be
what you need to get the documentation behind the DNS encoded summary.

R's,
John
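
The DNS lookup convention discussed in the two messages above (reversed IPv4 octets for an IP list, the domain as written for an rhsbl, an A record as the answer), as an added example that is not part of the original thread. Only the `accredit.habeas.com` name and its `127.0.0.20` answer come from the thread; the `rhs.example` and `dnsbl.example` zones, the other records, the toy resolver and the 127.0.0.0/8 answer check are assumptions made for illustration.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed records standing in for live DNS: owner name -> (A, TXT).
# Each listed domain also gets a wildcard owner so subdomains match,
# which is the "doubling the size of the zone" cost mentioned above.
RECORDS = {
    "4.3.2.1.accredit.habeas.com": ("127.0.0.20", None),
    "sleazy.biz.rhs.example": ("127.0.0.2", "constructed listing text"),
    "*.sleazy.biz.rhs.example": ("127.0.0.2", "constructed listing text"),
    "8.7.6.5.dnsbl.example": ("192.0.2.1", None),  # not a valid list answer
}

def query_name(subject, zone):
    """IPv4 subjects are reversed octet by octet; domains are used as written."""
    try:
        octets = str(ipaddress.IPv4Address(subject)).split(".")
        return ".".join(reversed(octets)) + "." + zone
    except ValueError:  # not an IPv4 literal, so treat it as a domain name
        return subject.rstrip(".").lower() + "." + zone

def resolve(qname, records=RECORDS):
    """Toy resolver: exact match first, then wildcard owners covering subdomains."""
    if qname in records:
        return records[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        hit = records.get("*." + ".".join(labels[i:]))
        if hit:
            return hit
    return None  # no such name

def lookup(subject, zone, resolver=resolve):
    """Same call for any list; switching lists only changes the zone string."""
    qname = query_name(subject, zone)
    result = {"query": qname, "listed": False, "code": None, "text": None}
    answer = resolver(qname)
    if answer is None:
        return result
    a, txt = answer
    if ipaddress.IPv4Address(a) not in LOOPBACK:
        return result  # answer outside 127.0.0.0/8: do not treat as a listing
    result.update(listed=True, code=int(a.rsplit(".", 1)[1]), text=txt)
    return result

if __name__ == "__main__":
    print(lookup("1.2.3.4", "accredit.habeas.com"))
    print(lookup("mail.sleazy.biz", "rhs.example"))
```

The last octet of the A record is returned as `code` without interpretation, since what a given value means is defined by each list operator.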

John Levine | 6 Jan 06:21

Reputation semantics

Over in DKIM land everyone's been saying that DKIM will eventually
be lashed up to reputation systems.  That's fine, but what does that
mean?

A reputation system will look something up.  The input is a domain
name, or maybe an e-mail address or an IP address.  The output is,
well, what?  A single bit saying yes or no (like the typical use of a
DNSBL?)  A score?  Multiple scores?  A little essay on the merits and
flaws of the reputee?

I don't know what the answer is, but it seems hard to start to build
these things if we don't even know what the inputs and outputs are.

Perhaps a reasonable way to start would be to survey what existing
systems like the various DNSBLs and SIQ do.

R's,
John

John R Levine | 6 Jan 05:33

Some projects for IAR

I'm pleasantly surprised to see signs of life on the IAR list.  In the
next few messages I'll send out some suggestions about projects upon which
people might want to work.

-- reputation semantics

-- reputation lookup conventions

Regards,
John Levine, johnl <at> iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.

Mike Wolf | 4 Jan 01:21

intro to IAR group from Mike Wolf

Hi,

I just joined the IAR subgroup.

I work for PeerConnect, a small company specializing in developing
applications for the Electronic Postmark in the email space.

I am interested in building reputation systems that can "embrace and extend"
the work done by the DKIM group and come up with draft standards for
reputation systems.
I also participated in the work done by the Universal Postal Union to create
an XML standard for the Electronic Postmark itself, back when I worked for
AuthentiDate, which operates the Electronic Postmark service for the USPS.
The EPM standard is really a non-repudiation web service protocol that
builds on digital signatures and time stamps and positions the post as a
trusted third party.

One of my goals is to get the posts involved in email authentication,
possibly by acting as a reputation / accreditation authority.

I am curious who else is in this group and what their goals are - who else
is active on this group?

Regards,

Mike Wolf

CTO

PeerConnect, Inc.

Anthony Howe | 25 Mar 19:20

SIQ draft 01 now available

http://www.ietf.org/internet-drafts/draft-irtf-asrg-iar-howe-siq-01.txt

-- 
Anthony C Howe                                 +33 6 11 89 73 78
http://www.snert.com/       ICQ: 7116561         AIM: Sir Wumpus

"held in my arms / his sun washed face / eyes closed" - Anthony

Dan Li | 24 Mar 07:08

hello & Individual ID

Hi, IAR members,

This is Dan Li. I just joined the mail list out of personal interest, 
and forgive me for not having much background in this area yet. Here comes 
my first stir:

Reading about Sender ID and DomainKey etc., I wonder why they all opted to 
keep their scheme on a domain or mail server level rather than on 
individual level. 

Could it be out of performance / scalability considerations? -- That seems
lame especially if it sacrificed functionality.

Aren't such schemes leaving half of the problem unsolved, i.e., the
email senders within a domain, or within any domain?

Why didn't an "individual ID" based system fly? Why didn't the likes of
Microsoft, Yahoo, AOL do something like that? Out of their own
standpoint?

Maybe it's out of deployment concerns. Would an "individual ID" based
system have severe deployment hurdles?

Am I just being naive or could someone here shed some light on this?

Thanks!
Dan

Mark C. Langston | 26 Nov 17:56

Re: Does IAR have any work to do?

On Fri, Nov 26, 2004 at 11:34:05AM +0100, Markus Stumpf wrote:
> John mentioned that there are a few reputation systems currently being
> developed. Is there some kind of an overview someone could post here?
> Even only some URLs would be fine for me ;-)
> 

Details on GOSSiP may be found at http://sufficiently-advanced.net/ .
The code may be found at http://sourceforge.net/projects/gossip-project/

Robert Barclay | 19 Nov 22:15

Standardizing reputation query mechanisms

Lately, despite the low level of activity on this list, there has been
a great deal of activity in the development of a new generation of
reputation services beyond the existing blacklist/whitelist paradigm.
Several (including one I am working on) either are available in some
state currently or are in development. This is an exciting development
for the email industry in general, but does present some challenges.
The primary one is that most of these services are commercial to some
extent or another which makes sharing information difficult.
Despite this, an overwhelming concern I have heard from ISPs and MTA
vendors is that each of the developing services is publishing its data
in a slightly different way, and beyond that several protocols have
been suggested as standards for querying this data.
An area where it should be possible for all of us to work together
without the problems of commercial damage is in development and
deployment of a standard protocol for publishing and querying
reputation data. This problem is much more complicated than it may on
its face appear, because reputation services will have a much wider
range of semantics than traditional blacklists. They will return
different levels of granularity of data, from a single binary score,
to a huge range of scores over individual data points or even
customized scores for individual queriers. Or they may provide a list
of suggested actions to be taken. They may have a need to allow email
receivers to guide the semantics of the query (e.g. I want elements
x, y, and z but not the other 23).

The advantage of getting us all to agree on the mechanisms to access
and exchange this data is that the mechanism can be built into every
MTA (if desired) and all of the systems will be supported without need
to develop new libraries every time someone creates a system. A
standard protocol also makes it more straightforward to compare

