North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Lazy network operators - NOT
On Sun, 18 Apr 2004, Alex Bligh wrote: > Whilst that may gave you some heuristic help, I'm not sure > about the language. HINFO used that way neither /authenticates/ > the address (in any meaningful manner as the reverse DNS holder > can put in whatever they like), nor does it /authenticate/ the > user (which some might characterize as the problem). Given it > is a widely held view (IMHO correct) that using network layer > addressing for authentication is broken, I think your suggestion > would probably be better received if you described this as a > heuristic mechanism. Actually its neither an "authentication" nor a heuristic method. Its purpose is to provide better information so you can make a decision. Its similar to using SPF to provide information about addresses used to send mail containing particular domain names. For example if VIX.COM had SPF records for its domain, other people could check the SPF records and not send anti-virus bounce messages when mail didn't originate from VIX.COM SPF listed systems. HINFO (or RWHOIS or LDAP or whatever) provides more general information from the network operator about addresses. There are more network protocols than just e-mail. Some people try to infer information from the host name, e.g. does it contain the letters ppp or dsl or cable. Or they try looking up addresses in various third-party lists which may be out of date or difficult to correct; and doesn't fix the other third-party list which copied portions of the someone else's list. Yes, I'm aware of the limitations. But my goal is to split the problem up, and give each party some benefit to doing their part. The current practice of blaming one party for all the worlds problems isn't working. > Speaking of which, we gets lots proposed heuristic solutions > suggested. Has anyone actually done any formal evaluation of > the statistics behind this. For instance looked at a statistical > correlation between DUL listed entries and spam, extrapolated > to determine what would be the effect if all dialup blocks were > listed, and done proper significance testing etc.? Ditto any > of the other techniques Paul's greylisting paper refer to. If not, > sounds like a useful academic research paper. Hardly like we > are short of data points. Yes, but not complete. The longest on-going analysis is published at http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html He lists how many messages would be blocked by each type of blacklist. He doesn't look at false positives. There are also various whitepapers published by vendors. Be careful about the slice and dice effect. Depending on how you divide up the numbers you can make any thing come out on top. In some sense the problem is a lot worse. Its not just spam, worms, viruses. Its not just residential broadband users. Its not even just Microsoft Windows.