Versions Compared

Old Version 7

changes.mady.by.user ASF Infrabot

Saved on

compared with

New Version Current

changes.mady.by.user ASF Infrabot

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: converted to 1.6 markup

...

I think it would be a good idear to give each instalation of spam assasin its own gpg key and use that key to sign the keys of the users of the server and the keys of any other servers that are used at the same site or are cominly comunicated with. This way you are only finding the key chain from one key to the sender and the cache database would be easer to implement.

FOAF

  • Wiki MarkupHow can we incorporate \[http://www.foaf-project.org/ FOAF\]? Querying the website each time has quite some overhead, some caching is needed.
  • How to access? XML-RPC or some DNSDB gateway? (Have you noticed that DNS gets abused for quite some things?)
  • JustinMason: in thinking about this in the past, I considered that possibly the best way would be to have a crawler run from cron which generate a local cache of the remote data. however, one issue is that FOAF does not specify relays, just email address hashes; so this means that it's vulnerable to spammers faking the From addr. See 'Using From For Whitelisting Problems' below.


Web-O-Trust

  • Wiki MarkupThe \[http://web-o-trust.org/ Web-O-Trust\] project is relatively dead, maybe we can revitalize it.
  • It should be possible to implement the Web-O-Trust syntax in XML and put it into FOAF files.
  • JustinMason: I have always argued that Web-O-Trust needs a way to specify various degrees of trust, as well; ie. "this server will never originate or relay spam", "this server is trusted not to be subverted by spammer code, but may relay spam originated elsewhere", etc.

LOAF

  • Wiki MarkupI dont't like the idea at all, but \[http://loaf.cantbedone.org/ LOAF\] might be worth looking into, too.
  • JustinMason: big problem in my opinion is that the LOAF files are attached to each mail sent. bulky and messy!
  • MalteStretz: ACK, thats what I dont like about it, too.

Geo info

  • Wiki Markup\[http://www.corante.com/many/archives/2004/03/19/loaf_social_email_filtering.php This\] posting about LOAF made me think that it might be possible to use a website's published Geo information (how near am I geographically to the sender).
  • JustinMason: several spammers live near me!
  • MalteStretz: but they probably won't publish Geo records (smile) and if they start to do (probably not targeted ones but ones from high density urban areas), this rule won't work for you but maybe for people living at uncommon places

Querying Addressbooks

  • Wiki MarkupI already implemented a \[http://msquadrat.de/archive/04/03/22/01 quick hack\] for to query my KAddressbook from KMail for whitelisting. What about querying LDAP servers?
  • JustinMason: see also 'Using From For Whitelisting Problems' below

...

  • I guess quite some of them have some API available so it should be possible to write specific plugins for the services. I'd prefer if they just published FOAF profiles though.
  • JustinMason: http://www.tribe.net/ publishes FOAF.

Six/Four

  • Wiki MarkupA friend pointed me to \[http://www.hacktivismo.com/projects/ Six/Four\], no clue how that could fit in, just noting it here. \\ \\

Using From For Whitelisting Problems

...