From: "Marc Perkel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 20, 2003 5:15 PM
Subject: [Razor-users] Turning Razor into a censorship tool
> In relation to the moveon.org situation, let me create a hypethetical
> scenereo.
>
> I personally run two mail servers., one for myself and one for EFF. The
> server I own hosts about 25 email domains. I get a lot of email traffic
> and thousands of spam messages a day. I use spam assassin and I could
> take the very high scoring spam as well as spam already flagged by razor
> and report it building an electronic reputation that makes me a reliable
> source - having correctly reported thousands of spam messages a day.
>
> Having established my reputation, I then also include all mail coming
> from a number of organization who I don't like politically. The moment
> these messages hit my server I forward them to razor and after several
> are automatically reported, razor flags this as spam and thousands of
> other servers who rely on razor start marking all message coming from
> the affected sites as spam. By the time someone manually revokes the
> messages the damage is already done. And thus someone like me could
> censor sites that I don't agree with politically.
>
> So - what would stop me from gaming razor this way to use it as a mass
> censorship tool to silence those who disagree with me?
I am certainly no Razor expert. In fact, I am merely a lurker here, for the
most part. :)
But, intuitively, I feel that the correct way to deal with this, is to not
put all your money on one horse. I use Razor2, as part of SpamAssassin. The
Razor hit there is just one weighed factor -- one of many.
I have tuned SpamAssassin to do a very broad network check, including a lot
of DNS blacklist. But I attach a relatively low score to them all. Thus,
only a broader spectrum of "hits" will push an email over the threshold.
That way, a hit in Razor2 is noted, and basically flagged to the tune of
"Hey, something is up with this email;" but I do not go berserk over that
one hit, and several more are needed to elevate the message to the status of
spam.
Spreading out like that, I believe, must be the answer.
If anti-spam software became a whole lot smarter, it could contain sanity
checks, checking the weighed factors out against each other; that is, if
similar blacklists all report nothing out of the ordinary, and one of them,
consistently, shows anomalous peaks for one domain, then it could compensate
for that. In an ideally distributed system, an anti-spam agent could, in
such cases, even signal back on a feedback channel, to Razor, for instance,
marking the high score as "suspect". Then, the more "suspect" markers Razor
would receive, the more it would compensate, negatively, for the original
high score. Call it the "HAL 9000 sanity check", where multiple of the same
systems keep each other in check. :)
In the meantime, spreading out the risk will have to do. And, as so many
simple solutions, that works actually pretty well.
Kind regards,
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Razor-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/razor-users
