Notes About A Possible "TrustNet" PlugIn

This page is my braindump for a bunch of PlugIns which I summarize under the name TrustNet. Their intention is to WhiteList people one exchanges mail with based on the WebOfTrust between the sender and the recipient. Comments welcome. (MalteStretz)

Current ideas:

PGP

  • Use PGP to try to find a trustpath.
  • Checking the direct trust should be relatively simple if one has access to the user's keyring. But what about server side filtering?
  • Is it feasible to query servers for an indirect trust path, too? What's the overhead?
  • JustinMason: imo this is definitely a good idea. I'm worried about the CPU overhead of checking GPG sigs, but caching recently-seen "good" sigs in a cache keyed on From-address and first untrusted IP address from the Relays header would help that. Also, gaining access to GPG from perl isn't easy; the CPAN modules are not great. imo the cleanest option may be running GPG directly from a plugin.

FOAF

  • How can we incorporate [http://www.foaf-project.org/ FOAF]? Querying the website each time has quite some overhead, some caching is needed.

  • How to access? XML-RPC or some DNSDB gateway? (Have you noticed that DNS gets abused for quite some things?)
  • JustinMason: in thinking about this in the past, I considered that possibly the best way would be to have a crawler run from cron which generates a local cache of the remote data. However, one issue is that FOAF does not specify relays, just email address hashes; so this means that it's vulnerable to spammers faking the From addr. See 'Using From For Whitelisting Problems' below.


Web-O-Trust

  • The [http://web-o-trust.org/ Web-O-Trust] project is relatively dead, maybe we can revitalize it.

  • It should be possible to implement the Web-O-Trust syntax in XML and put it into FOAF files.
  • JustinMason: I have always argued that Web-O-Trust needs a way to specify various degrees of trust, as well; ie. "this server will never originate or relay spam", "this server is trusted not to be subverted by spammer code, but may relay spam originated elsewhere", etc.

LOAF

  • I don't like the idea at all, but [http://loaf.cantbedone.org/ LOAF] might be worth looking into, too.

  • JustinMason: big problem in my opinion is that the LOAF files are attached to each mail sent. bulky and messy!
  • MalteStretz: ACK, that's what I don't like about it, too.

Geo info

  • [http://www.corante.com/many/archives/2004/03/19/loaf_social_email_filtering.php This] posting about LOAF made me think that it might be possible to use a website's published Geo information (how near am I geographically to the sender).

  • JustinMason: several spammers live near me!
  • MalteStretz: but they probably won't publish Geo records (smile) and if they start to do so (probably not targeted ones but ones from high density urban areas), this rule won't work for you but maybe for people living at uncommon places

Querying Addressbooks

  • I already implemented a [http://msquadrat.de/archive/04/03/22/01 quick hack] to query my KAddressbook from KMail for whitelisting. What about querying LDAP servers?

  • JustinMason: see also 'Using From For Whitelisting Problems' below

Social Networks

  • I guess quite some of them have some API available so it should be possible to write specific plugins for the services. I'd prefer if they just published FOAF profiles though.
  • JustinMason: http://www.tribe.net/ publishes FOAF.

Six/Four

  • A friend pointed me to [http://www.hacktivismo.com/projects/ Six/Four], no clue how that could fit in, just noting it here.

Using From For Whitelisting Problems

One common problem with using just email addresses for whitelisting is that spammers routinely fake the From address to appear to be:

  • the recipient's email address
  • another email address at the recipient's domain
  • another email address from the address list in the recip's domain

If we use just the From address with an address-based whitelisting scheme, it will be vulnerable.

The solution is to either:

  • use IP address info from the Received headers or the last untrusted relay, and combine that with the address to come up with a combined email-and-ip address, similar to how the AutoWhitelist does it.
  • require that any whitelisted address be on a domain that publishes SPF records.
  • MalteStretz: cross-checking against SPF for entries for which no routing information is available (ie. addressbook entries etc) is a good idea. another possibility to avoid some FPs could be to exclude all domains which are equal to the recipient's one
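
The checks listed above, combined into one lookup, as an added example (stand-alone Python, not SpamAssassin code and not part of the original notes). The function names, the whitelist layout, the /16 and /48 masks and the `spf_pass` flag (an SPF result computed elsewhere) are assumptions of this sketch; the sample data is constructed.

```python
import ipaddress
from email.utils import parseaddr

def relay_network(relay_ip, v4_prefix=16, v6_prefix=48):
    """Mask the last untrusted relay's IP to a network, so that neighbouring
    relays of one provider match. The prefix lengths are assumptions."""
    ip = ipaddress.ip_address(relay_ip)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def domain_of(address):
    return address.rsplit("@", 1)[1].lower()

def is_whitelisted(from_header, recipient, relay_ip, whitelist, spf_pass=False):
    """whitelist maps a sender address to the set of relay networks it was
    seen from; an empty set marks an entry without routing information
    (for example one imported from an address book)."""
    sender = parseaddr(from_header)[1].lower()
    if "@" not in sender or sender not in whitelist:
        return False
    # A From address in the recipient's own domain is the commonly forged
    # case, so it never whitelists by itself.
    if domain_of(sender) == domain_of(recipient):
        return False
    networks = whitelist[sender]
    if networks:
        # Combined email-and-IP key: the address alone is not enough.
        return relay_network(relay_ip) in networks
    # No routing information stored: fall back to the SPF result.
    return spf_pass

# Constructed sample whitelist (documentation addresses and IP ranges).
WHITELIST = {
    "alice@example.org": {"192.0.0.0/16"},
    "bob@example.net": set(),              # address-book entry, no relay seen
    "colleague@example.com": {"203.0.0.0/16"},
}

if __name__ == "__main__":
    me = "me@example.com"
    print(is_whitelisted("Alice <alice@example.org>", me, "192.0.2.10", WHITELIST))
    print(is_whitelisted("Alice <alice@example.org>", me, "198.51.100.7", WHITELIST))
    print(is_whitelisted("bob@example.net", me, "198.51.100.7", WHITELIST, spf_pass=True))
```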