Re: Slashing stats

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Thu, 8 Sep 2011 07:42:49 -0700 (PDT)

On Thu, 8 Sep 2011, SM wrote:
> Once we get the stamp (or identifier), we can forget DKIM and move to
> the next step which is to make an inference. The development of the
> inference, or reputation, would be based on heuristics. We generally
> have to differentiate between the various types of traffic, i.e. one to
> one, many to many, etc. mailing_list can be a datapoint; or do you
> consider it as not useful at all?

It's useful if separating those stamps on mail that appears to have
transited a list from those that didn't is a useful thing to do. So far I
haven't seen that it is.

It might also be useful to be able to identify a stamp as having been
added by an MLM, but there's no way to tell that either. An MLM could add
a List-ID field and then the MTA could sign it, but we can't assume that
legacy systems (i.e., all of them today) can do that so it's not clearly a
useful heuristic.

So we're left with some non-protocol knowledge about which signatures
represent MLMs and which represent something else. And even if we could
tell the difference, it's not clear to me how I would treat them
differently.

I'm not saying that this or any idea is a bad one, only that I haven't
observed anything in the data to tell us anything interesting so far.

-MSK
Received on Thu Sep 08 2011 - 14:43:05 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:33:12 PST