[Mimedefang] IP Reputation data collection (announcement, Internet draft)
joris.dedieu at gmail.com
Mon May 3 09:43:36 EDT 2010
2010/5/3 David F. Skoll <dfs at roaringpenguin.com>:
> joris dedieu wrote:
>> I also think that you can't collect ip reputation without keeping a trace
>> of the mail itself and the mail transactions logs.
> That's way beyond the scope of our protocol, and completely impractical
> given the number of reports we expect to receive.
Spamhaus do so, SORBS too. They don't store everything. But if one of your ip
is listed, you can easily understand what's going wrong.
If it's not in your scope to store details I expect that you have a
great anti-flood system.
>> A blacklisted ip owner MUST have access to this informations as this
>> should be the only way to find and eliminate the real spam cause.
> Again, it's impractical. We collect on the order of 10^9 reports when
> we build our DNSBLs and there's no way we could (or would want to) store
> mail logs for that many messages.
>> I also think this draft should talk about abuses report mecanism.
> OK; please suggest some wording...
Has there is no details in the report, I think you should specify
that an abuse report (see rfc2142 rfc2635) containing the outrage
details must be
send before every reports that "harms" the reputation of an IP.
An other way is to set a boolean (abuse report sent yes/no) after each ip.
You can also specify a format to identify this abuse report.
(something like username.timstamp.ipnumber)
that can be provide as TXT record in rbl lookup
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
More information about the MIMEDefang