[Greylist-users] Looking for updated list of bad (but good)senders

Scott Nelson scott at spamwolf.com
Wed Sep 15 09:23:59 PDT 2004


At 07:34 AM 9/15/04 -0400, Ken Raeburn wrote:
>"Brian Michalk" <michalk at awpi.com> writes:
>> A while ago, Evan and I discussed how to effectively implement a whitelist
>> system that could be automatic, trusted, and not abused.
>
>Would be nice...
>
>> Have a centralized signup, that the user could register and receive some
>> sort of public key (or maybe use their IP address)
>
>The IP address may not be consistent; the user may be on a dialup or
>cable modem connection.  A public key is probably better.  Rather than
>inventing new infrastructure, I'd suggest using PGP keys.  I expect a
>PGP key is much more likely to be shared across machines and programs
>than a cookie in one's web browser.
>

Although IPs are bad in theory, 
in practice I'll bet it would work well enough.

But it doesn't solve the mule problem, and neither do PGP keys.

Here's the best solution I've come up with to this sort of problem;
Anyone who wants to sign up is tied to a physical address - one signup
per address.

The "nice" way is to mail out postcards to anyone who wants to join
with their password on it.
The "cheap" way is to require a SASE be mailed to you, which you then
label with a password.

If you really want to do something like this, I'd recommend first
creating a website with a login page and letting people sign up
by requesting a password via email (to a human).
If and only if that becomes unmanageable,
switch to a more draconian method of giving out passwords.



>>  to give him the ability to
>> submit domains for whitelisting.  Allow that registered user to submit, say
>> 1 whitelist per month to the system.  As time goes on, that user becomes
>> more and more trusted.  If the user abuses the system, the account is
>> yanked.
>
>Nice approach.
>

IMO, a terrible approach.
In many cases, the first submission would be a few dozen IPs, 
and after that nothing.

And rate limiting is only meaningful if there is no way to get 1000 accounts.
So you put an obstacle in the way of people who want to help,
and don't really affect the people who want to be "bad".



>> I think that removing illegitimate whitelisted domains could be automated.
>> It's quite simple to examine the log file for originating IPs that hit
>> multiple accounts on my domain.  Since it's not a blacklist, it's not as bad
>> if the occasional mistake occurs.
>
>I'm not so sure.  I suggest that we've got two different kinds of
>domains we might want whitelisted.
>
>First, there are hosts that people have found do retry, and aren't
>sending lots of spam.  Gosh, wouldn't it be nice to not delay any more
>mail from them?  Think of this as sort of a shared cache of approved
>sender addresses.
>
>Then there are the domains that behave poorly, such as not retrying
>delivery, but are sending legitimate mail.  Currently most or all of
>the whitelist entries Evan distributes with relaydelay appear to be in
>this category.
>
>In the first category, accidentally throwing away entries that are
>valid isn't a big deal; in the second category, it can cause you to
>lose mail.
>
>I think the second kind is more important, but do we want this
>whitelist to include the first kind as well?
>

If they retry 100% of the time, why not white list them?
You won't be blocking any spam from that IP anyway.

In an ideal world, the list would include all kinds of information
about the IPs, who submitted them, why they're submitted, when they
were submitted, how many complaints they generated.
It'd be easy enough to remove the "whitelisted because they retry" 
category after the fact.



Minor quibble - I've never /lost/ mail because of greylisting.
Occasionally some email that was /bounced/ that wouldn't have been.
The worst case was actually the GroupWise servers, and that was only
because they reported the tempfail incorrectly.
They still generated a bounce.

Please call it "bouncing" or even "rejecting" but not "losing".


Scott Nelson <scott at spamwolf.com>
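
The thread's two ideas combined, as an added example that is not part of the original message or of relaydelay: whitelist entries carry the metadata described above (submitter, reason, date, complaints), and the log check for IPs that hit multiple accounts removes only "whitelisted because they retry" entries automatically. The log format, field names, reason labels and the `max_rcpts` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Entry:
    ip: str
    submitter: str
    reason: str        # "retries" or "no_retry_legit" (hypothetical labels)
    submitted: str
    complaints: int = 0

# Hypothetical log format, not relaydelay's: "<time> from=<ip> rcpt=<addr>"
LOG_RE = re.compile(r"from=(\S+) rcpt=(\S+)")

def recipients_per_ip(log_lines):
    """Map each connecting IP to the set of local accounts it mailed."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            seen[m.group(1)].add(m.group(2).lower())
    return seen

def review(entries, log_lines, max_rcpts=2):
    """Return (keep, auto_remove, needs_human) lists of IPs."""
    seen = recipients_per_ip(log_lines)
    keep, auto_remove, needs_human = [], [], []
    for e in entries:
        if len(seen.get(e.ip, ())) <= max_rcpts and e.complaints == 0:
            keep.append(e.ip)
        elif e.reason == "retries":
            auto_remove.append(e.ip)   # cost of a mistake: mail is delayed
        else:
            needs_human.append(e.ip)   # cost of a mistake: mail is bounced
    return keep, auto_remove, needs_human

def drop_category(entries, reason):
    return [e for e in entries if e.reason != reason]

# Constructed sample data (documentation address ranges).
WHITELIST = [
    Entry("192.0.2.10", "alice", "retries", "2004-09-01"),
    Entry("198.51.100.7", "bob", "no_retry_legit", "2004-09-02"),
    Entry("203.0.113.5", "carol", "retries", "2004-09-03"),
]
LOG = (["t from=192.0.2.10 rcpt=%s@example.org" % u for u in "abc"]
       + ["t from=198.51.100.7 rcpt=%s@example.org" % u for u in "abcd"]
       + ["t from=203.0.113.5 rcpt=a@example.org"] * 2)
```

Calling `review(WHITELIST, LOG)` splits the three sample entries into kept, automatically removed and held for a human; `drop_category(WHITELIST, "retries")` removes the retry-only category in one pass.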

