While reading SlashDot, they had an interesting reference to an article stating that 65% of all web surfs would be repeatly infected by spyware, adware, etc. It refers to this web site http://www.siteadvisor.com/ that essentially provides an interesting quiz and a reputation service for web sites through a web browser plugin. I thought it loosely related to our goals and note worthy. (BTW I scored 6/8).
 

The oddly titled "China Outlaws Outlook" actually details news of a recent law enacted by China that would require outbound email server operators to register their IP addresses 20 days prior to beginning to use them.

Assumedly, the Chinese government will offer an IP DNSWL (DNS White List) of registered servers and inbound mail server operators worldwide would have the option of rejecting mail from any other IP in China.

This may not occur, if the rest of the world becomes concerned about censorship issues. For example, what if the Governor of each US state selected which outbound email servers could operate from within his state, or the Senate Majority Leader could specify what American IP addresses could send outgoing mail.

From a fear / punishment and censorship perspective, the provision in the new Chinese law that requires mail server operators to keep a record of all mail incoming and outgoing for 60 days is in my opinion pretty significant.

The latest SIQ protocol Internet draft is available online with the IETF.

Its already been suggested that the change in ...   more »

Reference material for agenda item at Meng Wong's reputation mini-summit Feb 27th 2006: "Overloading DNS" with reputation data - what are some of the limitations and advantages etc. This is a summary of the 4 emails I (ANTHONY HOWE) wrote on the 7th Jan 2006 to ASRG-IAR in response to John Levine's comment about using DNS to do reputation like other DNS based blacklists:   more »

"One of the measures of interest is the size of the "free license to abuse" window. Is the window between detectable illicit action and termination long enough to get off a profitable phishing or spamming run? Is the initial screening process left so open that numerous such incidents are going to keep occuring? Ok, so noted in the service provider's Vetting Effectiveness Profile."   more »

Leveraging the power of communities and reputations can be an effective weapon against spam

http://acmqueue.com/modules.php?name=Content&pa=showpage&pid=346

1: Pervasiveness

2: Community-Based Filter Training

3: Emergence

4: Fingerprinting

5: Reputation

DCC offers an IP based reputation score given as the percentage of "bulk" mail seen from that IP. The IP reputation scoring is only available on the proprietary commercial version of DCC, according to http://www.rhyolite.com/anti-spam/dcc/reputations.html

Here are links to recent press regarding LashBack's unsubscribe repuation services:

(Press Release) http://www.lashback.com/unsubscribe_compliance_certification.htm

(ClickZ) http://www.clickz.com/news/article.php/3550106 

(DMNews) http://www.dmnews.com/cgi-bin/artprevbot.cgi?article_id=34140&dest=article

(BtoB.com) http://www.btobonline.com/article.cms?articleId=25525

The following is presented to encourage comments and discussion about a short research project designed to illumiate the existing state ...   more »

This article appeared last week on CNET News

Web site gives e-mail senders a reputation

It talks about CipherTrust's data collection appliances and their new TrustedSource Web site which provides reputation information based on that data.

Earlier this week I posted the SIQ protocol draft 02 with the IETF and its now available online:

http://www.ietf.org/internet-drafts/draft-irtf-asrg-iar-howe-siq-02.txt

Abstract

This draft incorporates much of the technical feedback given to me by Eric Allmann after the Sendmail Meeting of The Minds in San Francisco in July.

So far, Eric has been the only one to provide any actual  technical commentary and impressions about this protocol since it was first submitted to the IETF this time last year. I had hoped this past year to have had more feedback about SIQ or alternatives through ASRG IAR subgroup, which initially appeared to be the appropriate place for such discussions, but alas it appears that the IAR mailing list members have gone dumb through lack any interesting & fiery controversy worth arguing about.

I hope some of the more techinical amoung you will review it and post comments and/or alternatives here. I think its in the Internet's best interest that those interested in reputation systems and services develop an open and public protocol that can be used to implement the communication infrastructure for reputation query clients, caches, and servers.

LashBack has introduced a UBL (Unsubscribe Black List) available for public use. The LashBack UBL lists the IPs of senders judged abusive for sending email to addresses harvested from suppression lists.    more »

Excerpt

Classification may be the work of Reputation Collectors, or of Reputation Aggregators, or perhaps ideally an open system that can handle a "source" record. Source is who put this record in, who thinks the classification is X.

You can then choose which source(s) you will use/trust. You could selectively drop (ignore) sources you find you don't want to trust. You could set up your own interpretation / voting:

- Source "ReSpam" says this sender is a school

- Source "Montgomery Report" says this sender allows anonymous webmail signups and has no outbound rate limiting.

I am not suggestion that this classification system become a reputation system unto itself, with evidence files or an unlimited number of data points. Rather that it stick to a narrowly defined area of "classifications useful in differentiating characteristics of email sources." Other reputation collectors could reference the ID or classification numbers in this system if they wished to, and attach other data points within their own databases.   more »

 Meng Wong has a prototype project called Karma - so far I have found this page on it from July ...   more »

The present generation "domain plus IP" email reputation query / response SIQ protocol has been in use in production mail servers since July 2003. This succinct slide presentation was made at the ASRG "Identity, Authentication and Reputation" session of the 61st IETF meeting held in Washington DC November 2004.

The SIQ protocol has MTA query clients available for sendmail, postfix and exchange, plus command line query clients for *nix and win.
   more »

Aggregation is in my opinion a must. Blacklists alone will miss 40% of the spam we see. Requirements for passing "authentication only" are easily met by spammers. Purely statistical methods do not achieve 100% accuracy because the human judgement and research currently done by the most trusted black and white list operators is needed as an adjunct.
   more »

My favored predictive collectors focus on factors that can be measured before the message is accepted, even before the first spam from a new run is accepted. I also like predictive collectors that focus on positive or "good" characteristics rather than characteristics of "bad" senders.   more »

CONCLUSIONS: I predict that any large scale high quality reputation system will offer limited functionality free access with clear value distinctions for upgrading to fee based services. I also suggest  financial support for individuals who currently donate their daily "email research" time to the community will be money well-spent by reputation system Aggregators.

I expect to see financially rewarding opportunities opening up in the near future for individual anti-spam researchers who are paid for access to their daily "Reputation Collection" work yet remain independent rather than being "bought" as an employee for just one anti-spam service firm.
more »