Re: Domain reputation

From: Gary Mills <>
Date: Thu, 9 Jun 2011 15:52:22 -0500

On Wed, Jun 08, 2011 at 02:41:03PM -0700, Murray S. Kucherawy wrote:
> The second part, the actual data analysis, is underway. That's not part
> of the specification effort, though it provides the data that will be part
> of the replies. That will probably appear in the form of a white paper at
> conferences and such in the not-too-distant future. It will be a first
> application of the protocols being defined, and a terrific
> proof-of-concept.

My main concerns are the meaning of the term `reputation' and how it
is determined. DKIM itself only guarantees the e-mail address or
e-mail domain, eliminating forgery. This is certainly a benefit, but
is only part of the problem of eliminating spam.

It seems to me that determining reputation entirely from spam volume
and then using it to block spam introduces circular logic. I'd like
to see reputation determined from criteria that are independant of
e-mail spam. The relationship between the e-mail sender and recipient
seems to be key here. For example, banks and other financial
institutions sending messages to customers would have a good
reputation because they value their customers. Subscribers to free
e-mail services would have a lower reputation because their e-mail
domain is available to anyone. Those e-mail marketing organizations
that build their own mailing lists would have an even lower reputation
because they will send to anyone. I don't know how this sort of
reputation could be quantified.

How many other groups are building reputation databases? I understand
that Spamhaus was doing that. I know that DCC is doing that too. Do
all these groups have any standards in common?

-Gary Mills-        -Unix Group-        -Computer and Network Services-
Received on Thu Jun 09 2011 - 20:52:35 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:18 PST