[ietf-dkim] open-source IP Address reputation-building engine?
Ian Eiloart
iane at sussex.ac.uk
Fri Jul 16 07:11:26 PDT 2010
--On 15 July 2010 10:49:25 -0700 Douglas Otis <dotis at mail-abuse.org> wrote:
> On 7/14/10 10:34 AM, Dave CROCKER wrote:
>> Does anyone know of an open-source module that is used to develop a
>> reputation table by watching traffic and correlating spamminess with the
>> original IP Address?
>>
>> d/
>>
> Dave,
>
> The program rbldnsd is an open source program used to publish
> reputations. Unfortunately, inputs used to establish reputation provide
> nonlinear relationships when used to grant "forgiveness". Forgiveness
> has become increasing important when dealing with the many compromised
> accounts. Some simply now use a strategy of white-listing larger
> providers, but if everyone took that approach, email would quickly
> become useless as a service. What can be said is that reputation is
> slow and as a result fairly ineffective at dealing with bot-net activity
> being emitted from otherwise "respectable" sources.
>
> -Doug
>
Yes, but why ask on a DKIM mailing list? I speculate that Dave wants to
modify it to build a reputation engine based on Author address, for DKIM
signed messages. With that, you don't have to forgive bad apples just
because they share an IP address with lots of good senders. Add in
reputation for envelope sender addresses when SPF passes, and you have *per
sender* reputation database for (for us) the majority of inbound mail
(that's passed IP reputation tests).
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
More information about the ietf-dkim
mailing list