What would happen if an evil-doer were to compromise a server? Couldn't this server then make me mark all my mail as spam, or none of my mail as spam? Who runs the servers, and what kind of security do they have?
Yes, an evil-doer could do such a thing if they could compromise a Razor server. An evil-doer could also download malicious code onto your machine if they compromised Microsoft's Windows Update servers.
The servers are owned and operated by Cloudmark, the company founded by Vipul Ved Prakash and Jordan Ritter. This company operates a commercial Windows version (SpamNet) and an OSS Perl version (Razor) against the same set of servers.
Although I doubt that Vipul/Cloudmark will comment on the exact details of their security architecture (most networks don't publicize this), I'd be VERY shocked if it was anything less than high end if not best-of-breed.
These guys aren't a basement company, they're a considerable commercial entity. They handle very large volumes of mail for some pretty hefty commercial companies. Because of this they are likely to be under more-or-less continuous network attack; I'm sure they are somewhat used to it by now. Cloudmark also makes money on commercial contracts, so it's in their best interest to make sure their servers resist attack. Downtime due to vulnerability costs companies like Cloudmark very dearly.
While it's not impossible for them to be hacked, I'd suggest it's safe to say if their security measures were not good they'd have been taken over a long time ago.
Also, what's to prevent a spammer from reporting competitors' spam to build a reputation, and then later revoking any reports on spam he has sent himself? Someone just wishing to sabotage could also revoke reports after building a reputation. How does Vipul's Razor deal with report/revoke races between many reporters?
That gets a bit into the details of TeS that I don't think Vipul et al. are going to document (for security reasons, and please don't bring up the crypto argument unless you've read the archives and understand why Razor isn't like an encryption algorithm).
However, I'd suspect that the gains of this attack would be short-lived at best. Vipul's an extraordinarily bright fellow, as are his colleagues. I'd be very surprised if one's TeS score did not fall off quite rapidly if hundreds of reporters started countering you in a report/revoke race. If you were racing with one person, that might go on, but anyone abusing the system like that would wind up racing with a rather large number of users, which would be difficult to win for any extended period of time.