RE: [Declude.JunkMail] Web-O-Trust or ?
> Have you checked the filter file to see what IP range matched?

The IP entry is: 207.217.120.0/24

In the list of participants, the 5th entry in the list of participants.
- http://www.web-o-trust.org/browse.cgi?url=http://web-o-trust.org/everybody.txt

I found it here:
- http://home.teleport.com/~amurph/web-o-trust.txt

Regards,
Kami

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Web-O-Trust or ?
>> Have you checked the filter file to see what IP range matched?
>
> The IP entry is: 207.217.120.0/24
>
> In the list of participants, the 5th entry in the list of participants.
> - http://www.web-o-trust.org/browse.cgi?url=http://web-o-trust.org/everybody.txt
>
> I found it here:
> - http://home.teleport.com/~amurph/web-o-trust.txt

In this case, the first thing to do is send an E-mail to their contact address. If they cannot provide a reasonable explanation of how the spam got through, you can use an omit: line (and suggest that others do), to prevent any future spam from getting through from them.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
RE: [Declude.JunkMail] Web-O-Trust or ?
Scott:

This guy is out of his mind... Look at his comments:

    version: http://web-o-trust.org/1.01.html # http://www.web-o-trust.org/ - version: correction needed in the example ;)
    # Note: comments are under their respective ip:
    # Note: IPv6 addresses may or may not be supported...remains to be seen
    # Note: F-sharp
    # Note: This file should stay here: http://home.teleport.com/~amurph/web-o-trust.txt
    # Note: This is my first-level trust. I also have web-o-trust-2.txt; see below.
    # Note: These are, respectively, Earthlink, sccrmxc14.comcast.net, rwcrmhc13.comcast.net,
    # Note: ...and one you can spot with rDNS.
    ip: 207.217.120.0/24
    ip: 204.127.202.0/24
    ip: 204.127.198.0/24
    ip: 67.89.105.244

Is this what I think it is.. He is listing the entire Earthlink.com?

Please visit this and see: http://home.teleport.com/~amurph/web-o-trust.txt

Regards,
Kami
RE: [Declude.JunkMail] Web-O-Trust or ?
> This guy is out of his mind... Look at his comments:
>
> # Note: These are, respectively, Earthlink, sccrmxc14.comcast.net, rwcrmhc13.comcast.net,
> ip: 207.217.120.0/24
>
> Is this what I think it is.. He is listing the entire Earthlink.com?

This should be treated in the same way as if someone you trust (perhaps someone on this list) told you to whitelist that IP range. You've seen spam come from it, so it definitely isn't a good IP range to whitelist.

Therefore, you should contact him to see why he is listing that Class C range, and make sure that he knows that spam is being sent from it. If he comes up with a very good explanation, that's fine. Otherwise, you can omit: him.

-Scott
Re: [Declude.JunkMail] Web-O-Trust or ?
Kami,

This guy also links to the following:

http://users.adelphia.net/~equalizer/web-o-trust.txt

Which includes what appears to be all of Adelphia. I'm not sure if people are paying attention, but I pointed both of these files out when the topic first came up. Now the mistakes have managed to propagate through to a great deal of those here.

Matt
[Declude.JunkMail] Web-O-Trust or ?
Good morning...

I just noticed a caught spam that shows the Web-O-Trust filter being triggered. This is the filter that I think Bill posted after running the program on the site.

At the moment we have 0 weight on the filter since we are just testing it. But as it appears it is not all that trustworthy..

Regards,
Kami

===
From: "Thermal Aid" [EMAIL PROTECTED]
Subject: [24~]Got the Flu? Relief as low as $19.95
To: X
Content-Type: multipart/alternative; boundary="=_NextPart_2rfkindysadvnqw3nerasdf"
MIME-Version: 1.0
Reply-To: [EMAIL PROTECTED]
Date: Wed, 24 Dec 2003 13:13:20 -0600
X-Mailer: Microsoft Outlook, Build 10.0.2616
Message-Id: [EMAIL PROTECTED]
X-IMAIL-SPAM-DNSBL: (BLARS,14668,127.1.0.9)
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: WEB-O-TRUST:
X-RBL-Warning: FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test (line 17, weight 5)
X-RBL-Warning: FILTER-SPAM-HTML: Message failed FILTER-SPAM-HTML test (line 80, weight 10)
X-RBL-Warning: FILTER-SUBJECT: Message failed FILTER-SUBJECT test (line 21, weight 2)
X-RBL-Warning: FILTER-PRINTER-SUPPLIES: Message failed FILTER-PRINTER-SUPPLIES test (line 23, weight 20)
X-Declude-Sender: [EMAIL PROTECTED] [207.217.120.41]
X-Declude-Spoolname: De55308ad00d4c2a7.SMD
X-Note: This E-mail was scanned filtered by Declude [1.77i8] for SPAM virus.
X-Spam Score: 24 [Blocked on 20+]
X-Note: Sent from Reverse DNS: waxbill.mail.pas.earthlink.net
X-Hello: waxbill.mail.pas.earthlink.net
X-Spam-Tests-Failed: NOABUSE, IPNOTINMX, WEB-O-TRUST, FILTER-HEADER-XMAIL, FILTER-SPAM-HTML, FILTER-SUBJECT, FILTER-PRINTER-SUPPLIES, WEIGHT20s, WEIGHT20r
X-Note: Recipient(s): X
X-Country-Chain: UNITED STATES-destination
X-Declude-Date: 12/24/2003 19:13:20 [0]
X-RCPT-TO: X
RE: [Declude.JunkMail] Web-O-Trust or ?
Hello Kami.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re: [Declude.JunkMail] Web-O-Trust or ?
> I just noticed a caught spam that shows the Web-O-Trust filter being triggered. This is the filter that I think Bill posted after running the program on the site.

Have you checked the filter file to see what IP range matched?

The two things to look for are [1] the site that listed the IP (if there is a rogue site, we all need to know -- this is pretty quick for a spammer to get into it), and [2] a poor IP range (someone accidentally adding 192.0.2.0/8, confusing /24 and /8), which would whitelist too large an area.

-Scott
Re: [Declude.JunkMail] Web-O-Trust or ?
Merry Christmas everyone.

Anyway...the problem was alluded to before, in fact the listings that caused this problem have always been there:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg13918.html

We shouldn't be trusting ISP mail servers. If isolated instances like this aren't enough, consider that others such as swbell.net have been tagged as a multistage open relay, and it appears that this might be correct based on the following:

http://groups.google.com/groups?scoring=d&q=151.164.30.28+group:*abuse*

That server has been relaying spam since July of 2000, and the reports might be attributed to this server also handling forwarding.

I have to look at this further, but I want to go and play with my choo-choo train and Tickle Me Elmo that Santa brought me. The presents that the spammers brought me won't be opened until tomorrow :)

Matt
[Declude.JunkMail] web-o-trust python output
I have not seen a single hit from the web-o-trust IP4R database, so I am wondering if they have populated it with any other than the test IP address.

Anyway, if anybody is interested, here are the IP addresses that can be gathered by running the python script (that can be downloaded from the web-o-trust web site) against their own WOT file:

With these address you can create an ipfile like Scott illustrated in a previous post to the list:

    WOT ipfile D:\IMail\Declude\wotfile.txt x -10 x

Bill
RE: [Declude.JunkMail] Web-o-Trust
>> How do the names get added to the list (or web-o-trust)?
>
> By getting someone to trust them. For example, we're asking that our customers let us know that they have set up a WOT file, and we add them to our WOT file, which a lot of people already trust.

Hi Scott,

As an ISP we host several webspaces of our customers and have full control of it. Is it possible (and considerable) to set up a script that creates web-o-trust.txt files for all these customers on their own webspace and so create our little trusted network?

Does this make any sense if all these customers send out messages over the same MTA (and IP)?

Final question: If I've set up this txt file, what else should I do? How does my Declude know which other IPs are WOT-whitelisted?

Markus
RE: [Declude.JunkMail] Web-o-Trust
Markus:

The following line will give everyone with a web-o-trust a little negative weight.

    WEB-O-TRUST ip4r cabal.web-o-trust.org * -2 0

At present - it truly means everyone. They have already stated that eventually they'll become selective on which IPs they add to their whitelist RBL.

Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/
Re: [Declude.JunkMail] Web-o-Trust
Andy, do they seem to be responding to your IP4R queries. The site appears to be down from my perspective.

Bill
Re: [Declude.JunkMail] Web-o-Trust
> Andy, do they seem to be responding to your IP4R queries. The site appears to be down from my perspective.

http://www.dnsstuff.com/tools/lookup.ch?name=2.0.0.127.cabal.web-o-trust.org&type=A shows that it is working.

-Scott
Re: [Declude.JunkMail] Web-o-Trust
Yep, it does appear to be back up now. However, for about an hour after I implemented the test, my bind logs showed that the server was not responding.

Bill
Re: [Declude.JunkMail] Web-o-Trust
Wow, certainly not a very stable server:

=
How I am searching:
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at d.root-servers.net: Got referral to TLD2.ULTRADNS.NET. [took 45 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at TLD2.ULTRADNS.NET.: Got referral to angel.heaven.net. [took 43 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at angel.heaven.net.: Got referral to a.ns.cabal.web-o-trust.org. [took 98 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at a.ns.cabal.web-o-trust.org.: Timed out. Trying again.
=

Don't think I will be running this test right away, at least not until they can keep their name servers up and responding.

Bill
[Declude.JunkMail] Web-o-Trust
We've recently learned about Web-o-Trust (WOT), which is a whitelisting system that has a lot of potential.

Specifically, you whitelist your own IPs, and then link to others that you want whitelisted. For example, we've created a file at http://www.declude.com/web-o-trust.txt that lists the IP of our mailserver. It lists the IP address of our mailserver. It also has a link to another WOT file, which links us in to many other WOT files.

Then, as customers of ours create their own WOT files, we'll add them to ours. So anyone using our WOT file (anyone that trusts us) will end up whitelisting all your E-mails -- as well as those that you trust. There are limits that can be put into place as far as how deep this will go.

So, my request is that people go to http://www.web-o-trust.org and set up your own WOT file, and then let me know the URL of your WOT file (preferably off-list, to reduce traffic to this list). I'll add you to our WOT file, which is being used by many/most other people using Web-o-Trust, so your E-mail will start getting whitelisted at other mailservers.

They also have a collate program that will let you automatically create files which should be compatible with the Declude JunkMail IP blacklists, allowing you to give a negative weight to anyone whose IP is in one of the WOT files. If it looks like WOT could take off, we'll look at adding native support for it into Declude JunkMail.

-Scott
Re: [Declude.JunkMail] Web-o-Trust
> So, my request is that people go to http://www.web-o-trust.org and set up your own WOT file, and then let me know the URL of your WOT file (preferably off-list, to reduce traffic to this list). I'll add you to our WOT file, which is being used by many/most other people using Web-o-Trust, so your E-mail will start getting whitelisted at other mailservers.

Although the details are at http://www.web-o-trust.org (and http://www.web-o-trust.org/1.01.html which describes the WOT file format), for those that have precious little time, here is what you can do:

[1] Create a file web-o-trust.txt

[2] Add the following lines to it:

    version: http://web-o-trust.org/1.01.html
    ip: 192.0.2.25
    ip: 192.0.2.0/24
    include: http://www.declude.com/web-o-trust.txt
    contact: mailto:[EMAIL PROTECTED]
    keepfor: 86400

[3] All you need to change is the contact (to an E-mail address of yours; you may want to use a tagged E-mail address, such as [EMAIL PROTECTED], as the address may get harvested) or omit it, then add any IP ranges of yours that you want to include (with lines such as ip: 192.0.2.25 or ip: 192.0.2.0/24). That will get you a basic implementation, that will have you set up to whitelist anyone that we trust.

[4] Publish it on your web site, preferably as http://www.example.com/web-o-trust.txt (but it can be in a different location if needed).

[5] Let me know, so that I can add you to our WOT file, so that anyone who trusts us will trust you.

-Scott
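The check Scott describes in this thread (find which WOT file listed the range that matched a spam sender, and spot a poor range such as 192.0.2.0/8), as an added Python example over the file keys shown above. It is not part of the original messages and is not the Web-o-Trust collate program or Declude code. The function names, the in-memory sample files, the example.com URL and contact address, and the omit parameter (a stand-in for the effect of an omit: line) are assumptions; only ip: and include: lines are interpreted.

```python
import ipaddress

AMURPH = "http://home.teleport.com/~amurph/web-o-trust.txt"
ROOT = "http://www.example.com/web-o-trust.txt"   # hypothetical local WOT file

# Constructed sample input, held in memory so nothing is fetched. The first
# file repeats the ip: lines quoted in the thread; the second is made up and
# contains the /24-versus-/8 slip mentioned in the thread.
SAMPLE_FILES = {
    AMURPH: (
        "version: http://web-o-trust.org/1.01.html\n"
        "# Note: comments are under their respective ip:\n"
        "ip: 207.217.120.0/24\n"
        "ip: 204.127.202.0/24\n"
        "ip: 204.127.198.0/24\n"
        "ip: 67.89.105.244\n"
    ),
    ROOT: (
        "version: http://web-o-trust.org/1.01.html\n"
        "ip: 192.0.2.25\n"
        "ip: 192.0.2.0/8\n"
        "include: " + AMURPH + "\n"
        "contact: mailto:postmaster@example.com\n"
        "keepfor: 86400\n"
    ),
}

def parse_wot(text):
    """Return (ip_entries, includes); ip_entries holds (line_number, value)."""
    ip_entries, includes = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "ip":
            ip_entries.append((lineno, value))
        elif key == "include":
            includes.append(value)
    return ip_entries, includes

def walk(files, root, max_depth=3, omit=()):
    """Yield (url, chain) for root and each file reached through include:
    lines, visiting every URL once and going at most max_depth links deep."""
    seen, queue = {root}, [(root, (root,))]
    while queue:
        url, chain = queue.pop(0)
        if url not in files:
            continue                      # file was not retrieved
        yield url, chain
        if len(chain) > max_depth:
            continue                      # depth limit reached
        for inc in parse_wot(files[url])[1]:
            if inc not in seen and inc not in omit:
                seen.add(inc)
                queue.append((inc, chain + (inc,)))

def entries(files, root, max_depth=3, omit=()):
    """Yield (url, chain, line, raw, network-or-None) for every ip: entry."""
    for url, chain in walk(files, root, max_depth, omit):
        for lineno, raw in parse_wot(files[url])[0]:
            try:
                net = ipaddress.ip_network(raw, strict=False)
            except ValueError:
                net = None                # unparseable; audit() reports it
            yield url, chain, lineno, raw, net

def find_matches(files, root, sender, max_depth=3, omit=()):
    """List (url, line, entry, chain) for every ip: entry covering sender."""
    addr = ipaddress.ip_address(sender)
    return [(url, lineno, raw, chain)
            for url, chain, lineno, raw, net in entries(files, root, max_depth, omit)
            if net is not None and net.version == addr.version and addr in net]

def audit(files, root, widest_prefix=24, max_depth=3):
    """List (url, line, entry, problems) for malformed or very wide entries."""
    findings = []
    for url, _chain, lineno, raw, net in entries(files, root, max_depth):
        problems = []
        if net is None:
            problems.append("not an address or range")
        else:
            if ipaddress.ip_interface(raw).ip != net.network_address:
                problems.append("host bits set, really covers %s (%d addresses)"
                                % (net, net.num_addresses))
            if net.version == 4 and net.prefixlen < widest_prefix:
                problems.append("wider than /%d" % widest_prefix)
        if problems:
            findings.append((url, lineno, raw, problems))
    return findings

if __name__ == "__main__":
    # 207.217.120.41 is the X-Declude-Sender address from the caught spam.
    for url, lineno, raw, chain in find_matches(SAMPLE_FILES, ROOT, "207.217.120.41"):
        print("matched %s (line %d of %s) via %s" % (raw, lineno, url, " -> ".join(chain)))
    for url, lineno, raw, problems in audit(SAMPLE_FILES, ROOT):
        print("%s line %d: %s: %s" % (url, lineno, raw, "; ".join(problems)))
```

A width threshold alone does not catch the case in this thread, since 207.217.120.0/24 is an ordinary /24; it only shows up when a known spam sender is matched against the crawled entries.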
Re: [Declude.JunkMail] Web-o-Trust
> Scott, I looked into this several months ago, but at the time it did not seem to be getting much interest, and still doesn't appear to have much of a following (maybe 100 participants so far on their list).

That's correct. But about half of them joined within the past few days. When I first heard of it, I didn't think much of it -- but now, there are a number of organizations using it (including one that previously would refuse our mail), and it's starting to reach critical mass. There are also a number of people in the anti-spam community that are actively pursuing WOT.

> However, I am willing to give it a go. Question, how do we use this with Declude JunkMail in its current form?

They also have a collate program that will let you automatically create files which should be compatible with the Declude JunkMail IP blacklists, allowing you to give a negative weight to anyone whose IP is in one of the WOT files. If it looks like WOT could take off, we'll look at adding native support for it into Declude JunkMail.

-Scott
Re: [Declude.JunkMail] Web-o-Trust
> Scott, I looked into this several months ago, but at the time it did not seem to be getting much interest, and still doesn't appear to have much of a following (maybe 100 participants so far on their list). However, I am willing to give it a go. Question, how do we use this with Declude JunkMail in its current form?

Something else that is worth mentioning here is that there are a number of IPs that will almost never send spam, but will be likely to get caught as spam. For example, purchase confirmations from eBay, amazon, etc. have a higher likelihood of getting caught than normal E-mail -- but their IPs just don't send out spam. All it takes is one person adding those IPs, and without any work on the part of everyone else, they will be able to get mail from those IPs without a problem.

FWIW, we are working on a Windows program to automatically crawl through WOT files and generate sorted IP blacklist files (along with comments showing where the IP came from), without having to figure out how to run Python that the collate program is written in.

-Scott
Re: [Declude.JunkMail] Web-o-Trust
I think WOT could be very worthwhile for the 10-15 minutes it takes to set up.

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 4:32 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust

> Scott, I looked into this several months ago, but at the time it did not seem to be getting much interest, and still doesn't appear to have much of a following (maybe 100 participants so far on their list). However, I am willing to give it a go. Question, how do we use this with Declude JunkMail in its current form?

Something else that is worth mentioning here is that there are a number of IPs that will almost never send spam, but will be likely to get caught as spam. For example, purchase confirmations from eBay, amazon, etc. have a higher likelihood of getting caught than normal E-mail -- but their IPs just don't send out spam. All it takes is one person adding those IPs, and without any work on the part of everyone else, they will be able to get mail from those IPs without a problem.

FWIW, we are working on a Windows program to automatically crawl through WOT files and generate sorted IP blacklist files (along with comments showing where the IP came from), without having to figure out how to run Python that the collate program is written in.

-Scott
RE: [Declude.JunkMail] Web-o-Trust
Do you get titles, such as flight-attendant, engineer, pilot etc? G

(Adding a fringe benefit like this usually improves participation.)
RE: [Declude.JunkMail] Web-o-Trust
Pardon my jumping in this discussion late:

How do the names get added to the list (or web-o-trust)? It appears that companies say, "I'm not a spammer, trust me!" What keeps the spammers off the list? The distributed nature of the management is what keeps the time commitment down, but at the same time minimizes the effectiveness. What am I missing here?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of andyb
Sent: Wednesday, December 10, 2003 2:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Web-o-Trust

I think WOT could be very worth while for the 10-15 minutes it takes to setup.
RE: [Declude.JunkMail] Web-o-Trust
> How do the names get added to the list (or web-o-trust)?

By getting someone to trust them. For example, we're asking that our customers let us know that they have set up a WOT file, and we add them to our WOT file, which a lot of people already trust.

> It appears that companies say, "I'm not a spammer, trust me!" What keeps the spammers off the list?

Several things. First is the limitations -- for example, if you trust us (that the IPs we list and the WOT files that we list are all good), but have a feeling that one of our customers may somehow include a spammer's WOT file, you can use include http://www.declude.com/web-o-trust.txt 2, which will trust us (1) and our customers (2). But it will not trust IPs that our customers trust.

Second is omit. If we find that somehow a spammer gets a WOT file that our WOT file trusts, we can omit it (omit http://www.spammer_domain.com/web-o-trust.txt ).

But, it would be a real hassle for a spammer to do this -- they typically have lots of compromised servers that they would need to list, and would need to find someone to trust them. Even if they find someone to trust them, they won't have any idea how many people are whitelisting them (since many people will use the limits). Then, once they are caught, they will quickly be removed.

Of course, only time will tell how effective it really turns out to be. I think it has a lot of promise.

-Scott
RE: [Declude.JunkMail] Web-o-Trust
From what I read so far, the idea is that you need someone ELSE (who him/herself was trusted before) to trust you (e.g., Scott has offered to trust his customers.)

Basically, you whitelist yourself and then decide who you want to trust. The trust can be transitive and you can define how many nodes removed you want to implicitly trust. E.g., you can decide that you trust certain companies and whoever they trust and whoever they trust - and then stop there.

Unless one of those two-removed levels trusts a spammer, there would be no problem if a different section of the web contained spammers who signed themselves up.

Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Holt
Sent: Wednesday, December 10, 2003 05:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-o-Trust

Pardon my jumping in this discussion late:

How do the names get added to the list (or web-o-trust)? It appears that companies say, "I'm not a spammer, trust me!" What keeps the spammers off the list? The distributed nature of the management is what keeps the time commitment down, but at the same time minimizes the effectiveness. What am I missing here?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
RE: [Declude.JunkMail] Web-o-Trust
Hi,

It also opens another option for lazy/ignorant sysops who don't want to correctly configure their mail servers. Now you can tell them: Sorry I don't white-list individual servers, but, you can white-list yourself by adding your servers to WOT.

Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, December 10, 2003 02:00 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Web-o-Trust

> Scott, I looked into this several months ago, but at the time it did not seem to be getting much interest, and still doesn't appear to have much of a following (maybe 100 participants so far on their list).

That's correct. But about half of them joined within the past few days. When I first heard of it, I didn't think much of it -- but now, there are a number of organizations using it (including one that previously would refuse our mail), and it's starting to reach critical mass. There are also a number of people in the anti-spam community that are actively pursuing WOT.

> However, I am willing to give it a go. Question, how do we use this with Declude JunkMail in its current form?

They also have a collate program that will let you automatically create files which should be compatible with the Declude JunkMail IP blacklists, allowing you to give a negative weight to anyone whose IP is in one of the WOT files. If it looks like WOT could take off, we'll look at adding native support for it into Declude JunkMail.

-Scott
RE: [Declude.JunkMail] Web-o-Trust
That sounds reasonable.

You wrote of a process to compile a whitelist (implemented as negative weight on a blacklist). Does this process walk to all of the includes and their include, etc. to create the whitelist file?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, December 10, 2003 3:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-o-Trust

> How do the names get added to the list (or web-o-trust)?

By getting someone to trust them. For example, we're asking that our customers let us know that they have set up a WOT file, and we add them to our WOT file, which a lot of people already trust.

> It appears that companies say, "I'm not a spammer, trust me!" What keeps the spammers off the list?

Several things. First is the limitations -- for example, if you trust us (that the IPs we list and the WOT files that we list are all good), but have a feeling that one of our customers may somehow include a spammer's WOT file, you can use include http://www.declude.com/web-o-trust.txt 2, which will trust us (1) and our customers (2). But it will not trust IPs that our customers trust.

Second is omit. If we find that somehow a spammer gets a WOT file that our WOT file trusts, we can omit it (omit http://www.spammer_domain.com/web-o-trust.txt ).

But, it would be a real hassle for a spammer to do this -- they typically have lots of compromised servers that they would need to list, and would need to find someone to trust them. Even if they find someone to trust them, they won't have any idea how many people are whitelisting them (since many people will use the limits). Then, once they are caught, they will quickly be removed.

Of course, only time will tell how effective it really turns out to be. I think it has a lot of promise.

-Scott
RE: [Declude.JunkMail] Web-o-Trust
What if a spammer gets into the loop and corrupts the shared whitelist? Is this possible?

So let me summarize the way I think this works.

1) I set up a WOT file for my domain/server
2) I whitelist entries in the WOT file
3) I link the WOT file to other trusted WOT files
4) The linked WOTs have whitelisted items and linked WOT files

Kevin Bilbee

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of andyb
Sent: Wednesday, December 10, 2003 2:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Web-o-Trust

I think WOT could be very worth while for the 10-15 minutes it takes to setup.
Re: [Declude.JunkMail] Web-o-Trust
I'm with Todd here. I see very little value here. I don't have a problem with blocking E-mail from providers that aren't involved in bulk mailing or don't have large communities of unregulated users. This might help with some false positives related to administrator discussions of banned words or techniques, but for normal E-mail traffic I see this as not being of very much use.

As with all such networks, as this grows larger, the potential for problems also grows. Spamcop for instance has suffered greatly from a large number of anti-commercialism administrators or people that are just plain irresponsible reporting their spam, and a system like this represents a potential for problems of a similar type, where you are expected to trust an administrator without regard to the content of the messages, the protections that they have in place to prevent misuse, or even their honesty in joining in the first place. There are many of us that have had issues with our customers spamming on occasion, and if you can't trust your own customers, why should you trust the customers of others over whom you have no control? If these don't currently represent a measurable problem, then why apply a fix which might prevent a future spamming incident from being blocked?

I'm not against the idea of having some form of a registry, however the root of the problem is in differentiating among the gray stuff and not among the non-automated stuff. I find value in things like BONDEDSENDER, though to some purists, they view this as legitimizing large commercial spammers because their definition of spam differs from mine. Heck, Kami and I can't even agree on what spam is when it comes to this gray area stuff, and although I trust Kami's opinion on what he considers to be trusted senders, I wouldn't automatically trust his customers, or some list over which he is only in part involved in maintaining.

I'd much rather first create a concise definition for spam and a process for review, and then build a list of automated-mailers to trust and not trust, and share that list with a select group of trusted administrators to maintain, and allow other non-trusted administrators to make use of. The list would have to be IP based, and the people would need to be responsible and dedicated to the task, and share the same values, otherwise it would just become another Spews.

If someone can show me the value of crediting points to hosts which account for almost none of my mail volume, over which I have no familiarity with their rules and procedures, and for which I am not aware of any substantial problems, I will definitely reconsider my stance.

Matt

R. Scott Perry wrote:

>> How do the names get added to the list (or web-o-trust)?
>
> By getting someone to trust them. For example, we're asking that our customers let us know that they have set up a WOT file, and we add them to our WOT file, which a lot of people already trust.
>
>> It appears that companies say, "I'm not a spammer, trust me!" What keeps the spammers off the list?
>
> Several things. First is the limitations -- for example, if you trust us (that the IPs we list and the WOT files that we list are all good), but have a feeling that one of our customers may somehow include a spammer's WOT file, you can use include http://www.declude.com/web-o-trust.txt 2, which will trust us (1) and our customers (2). But it will not trust IPs that our customers trust.
>
> Second is omit. If we find that somehow a spammer gets a WOT file that our WOT file trusts, we can omit it (omit http://www.spammer_domain.com/web-o-trust.txt ).
>
> But, it would be a real hassle for a spammer to do this -- they typically have lots of compromised servers that they would need to list, and would need to find someone to trust them. Even if they find someone to trust them, they won't have any idea how many people are whitelisting them (since many people will use the limits). Then, once they are caught, they will quickly be removed.
>
> Of course, only time will tell how effective it really turns out to be. I think it has a lot of promise.
>
> -Scott
Re: [Declude.JunkMail] Web-o-Trust
Well, you try it; if it doesn't work, or gets abused, you get rid of it. It just *might* help.

----- Original Message -----
From: Matthew Bramble [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 6:27 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust

I'm with Todd here. I see very little value here. I don't have a problem with blocking E-mail from providers that aren't involved in bulk mailing or don't have large communities of unregulated users. This might help with some false positives related to administrator discussions of banned words or techniques, but for normal E-mail traffic I see this as not being of very much use.

As with all such networks, as this grows larger, the potential for problems also grows. Spamcop for instance has suffered greatly from a large number of anti-commercialism administrators or people that are just plain irresponsible reporting their spam, and a system like this represents a potential for problems of a similar type, where you are expected to trust an administrator without regard to the content of the messages, the protections that they have in place to prevent misuse, or even their honesty in joining in the first place. There are many of us that have had issues with our customers spamming on occasion, and if you can't trust your own customers, why should you trust the customers of others over whom you have no control? If these don't currently represent a measurable problem, then why apply a fix which might prevent a future spamming incident from being blocked?

I'm not against the idea of having some form of a registry, however the root of the problem is in differentiating among the gray stuff and not among the non-automated stuff. I find value in things like BONDEDSENDER, though to some purists, they view this as legitimizing large commercial spammers because their definition of spam differs from mine. Heck, Kami and I can't even agree on what spam is when it comes to this gray area stuff, and although I trust Kami's opinion on what he considers to be trusted senders, I wouldn't automatically trust his customers, or some list over which he is only in part involved in maintaining.

I'd much rather first create a concise definition for spam and a process for review, and then build a list of automated-mailers to trust and not trust, and share that list with a select group of trusted administrators to maintain, and allow other non-trusted administrators to make use of. The list would have to be IP based, and the people would need to be responsible and dedicated to the task, and share the same values, otherwise it would just become another Spews.

If someone can show me the value of crediting points to hosts which account for almost none of my mail volume, over which I have no familiarity with their rules and procedures, and for which I am not aware of any substantial problems, I will definitely reconsider my stance.

Matt
RE: [Declude.JunkMail] Web-o-Trust
> If someone can show me the value of crediting points to hosts which account for almost none of my mail volume, over which I have no familiarity with their rules and procedures, and for which I am not aware of any substantial problems, I will definitely reconsider my stance.

Very well stated! I would think most mail admins that would take advantage of WOT would already have their servers set up so they would pass most spam tests anyways. Why whitelist senders that wouldn't have failed your spam tests in the first place or that you don't get mail from?

- Andy
RE: [Declude.JunkMail] Web-o-Trust
> You wrote of a process to compile a whitelist (implemented as negative weight on a blacklist). Does this process walk to all of the includes and their include, etc. to create the whitelist file?

Yes. It's designed to follow the rules of Web-o-Trust, and include/omit IPs as determined by your WOT file.

-Scott
RE: [Declude.JunkMail] Web-o-Trust
> What if a spammer gets into the loop and corrupts the shared whitelist? Is this possible?

It can happen, but a spammer would have to do a lot of work for little payout. They would have to get someone to trust them to get in the loop, while not knowing how many people will trust them -- and not knowing how quickly they may be omitted.

One of the keys here is limiting how much recursion can be done. For example, if you trust our WOT file, and those of our customers, but none further -- then the only way a spammer can get their IP whitelisted on your server is if *we* trust them. If you think that the WOT system isn't going to attract spammers, you might not want to place any limits, so that if one of our customers trusts one of their customers that trusts a friend of theirs who trusts a spammer, you can always omit them.

Then, with Declude JunkMail, you can use negative weighting, which would make it even more difficult for a spammer to get their E-mail through with WOT.

> So let me summarize the way I think this works.
> 1) I set up a WOT file for my domain/server
> 2) I whitelist entries in the WOT file
> 3) I link the WOT file to other trusted WOT files
> 4) The linked WOTs have whitelisted items and linked WOT files

I think that is right. :)

The WOT file on your website is essentially a list of your IPs and people you trust. Presumably, that's where you would start when creating a list. The list would contain your IPs, and would include the people you trust as well (and the people they trust, and so on), within the limits that are given.

Because of the web nature of this, there is no one specific starting point, except for your own WOT file. We're linked to most of the people who use Web-o-Trust, so by including us, you include them as well. However, at this point, nobody knows about *your* WOT file. So you let us know the URL for your WOT file, and we add you to ours. Since we're linked to most of the people who use Web-o-Trust, when we add you, most people will be whitelisting you as well (not everybody, though, because some may omit us or you, or may have recursion limits that prevent you from being seen).

-Scott
Re: [Declude.JunkMail] Web-o-Trust
That is way too broad and general a statement. My server doesn't NOT allow most spam to pass.

> I would think most mail admins that would take advantage of WOT would already have their servers setup so they would pass most spam tests anyways. Why whitelist senders that wouldn't have failed your spam tests in the first place or that you don't get mail from?
>
> - Andy
RE: [Declude.JunkMail] Web-o-Trust
> So how can this be added to Declude for negative weight?

Using an IP blacklist, with a negative weight, such as:

    WOT ipfile D:\IMail\Declude\wotfile.txt x -10 x

You'll need to create wotfile.txt, using collate from http://www.web-o-trust.org , which uses Python, or the tool we are developing.

-Scott
Re: [Declude.JunkMail] Web-o-Trust
> As with all such networks, as this grows larger, the potential for problems also grows. Spamcop for instance has suffered greatly from a large number of anti-commercialism administrators or people that are just plain irresponsible reporting their spam, and a system like this represents a potential for problems of a similar type, where you are expected to trust an administrator without regard to the content of the messages, the protections that they have in place to prevent misuse, or even their honesty in joining in the first place.

And it is possible that it will be a problem (for example, people whitelisting IPs that send both legitimate mail and spam). But, you have the power to omit anyone you want. And if you trust us, and we omit someone, it will be omitted for you as well.

> There are many of us that have had issues with our customers spamming on occasion, and if you can't trust your own customers, why should you trust the customers of others over whom you have no control. If these don't currently represent a measurable problem, then why apply a fix which might prevent a future spamming incident from being blocked?

If that is your philosophy, you can still use WOT. You'll still be able to get your IPs whitelisted by many people, and you can still list people that you trust directly. For example, you might decide that you want to whitelist our IP(s) (include: http://www.declude.com/web-o-trust.txt 1), or perhaps our IP(s) and customers (include: http://www.declude.com/web-o-trust.txt 2), but not those people that our customers trust.

Perhaps you want to whitelist us and our customers, but there is one of our customers that you've had run-ins with in the past? In that case, you can use "include: http://www.declude.com/web-o-trust.txt 2" and then "omit: http://www.bad_guy.com/web-o-trust.txt". So you have almost full control over it.

And, by using a negative weight rather than actual whitelisting, WOT will just help out, without ensuring that spam gets through if a spammer gets his IP(s) somewhere in WOT.

> I'm not against the idea of having some form of a registry, however the root of the problem is in differentiating among the gray stuff and not among the non-automated stuff.

We are definitely not going to add any of the gray stuff. Why? We don't want people omitting us! For the same reason, most of our customers won't, either. But what will probably happen is someone will come up with http://www.some_isp.com/~username/grayips.txt that people can optionally trust. If we want to trust them, we won't add them to our WOT file -- but instead, we can have a private WOT file that we don't tell anyone about that includes our main WOT file and the gray one. That way, we can whitelist the gray IPs, and people can still trust us without also trusting the gray IPs.

> Heck, Kami and I can't even agree on what spam is when it comes to this gray area stuff, and although I trust Kami's opinion on what he considers to be trusted senders, I wouldn't automatically trust his customers, or some list over which he is only in part involved in maintaining.

That's where WOT works well. If you trust his IPs, but not those of his customers, you can include his WOT file with a 1 at the end, which won't trust any of his customers. If his customers use his IP, then just don't include his WOT file (it will probably be included if you choose to include ours, but in that case, you can omit his).

> If someone can show me the value of crediting points to hosts which account for almost none of my mail volume, over which I have no familiarity with their rules and procedures, and for which I am not aware of any substantial problems, I will definitely reconsider my stance.

It all depends on your specific needs. Have you found that there are IPs that send you good mail, and never send spam? Instead of whitelisting them, adding a filter to help reduce their weight, etc., someone will likely add them somewhere in WOT. That by itself may be very useful.

And, even if you don't want to trust anyone, you can just add your own IPs to your WOT file, and not include anybody. We'll include you, so others will whitelist your mail, and you won't have to trust anybody. :)

-Scott
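The include depth, omit and negative-weight behaviour described in this thread, as an added sketch (it is not the collate tool from web-o-trust.org and not Declude's code). The sample files and hosts are constructed, an include with no number is assumed to mean no limit, and omits are honoured from every file that gets read.

```python
import ipaddress
import math

# Constructed sample WOT files keyed by URL; every host here is a placeholder.
SAMPLE_WEB = {
    "http://me.example/web-o-trust.txt": (
        "version: http://web-o-trust.org/1.01.html\n"
        "# my own outbound servers\n"
        "ip: 192.0.2.10\n"
        "include: http://vendor.example/web-o-trust.txt 2\n"
        "omit: http://badguy.example/web-o-trust.txt\n"
    ),
    "http://vendor.example/web-o-trust.txt": (
        "ip: 198.51.100.0/28\n"
        "include: http://customer-a.example/web-o-trust.txt\n"
        "include: http://badguy.example/web-o-trust.txt\n"
    ),
    "http://customer-a.example/web-o-trust.txt": (
        "ip: 203.0.113.5\n"
        "include: http://friend.example/web-o-trust.txt\n"
        "include: http://me.example/web-o-trust.txt\n"   # trust loop back to the root
    ),
    "http://friend.example/web-o-trust.txt": "ip: 203.0.113.77\n",
    "http://badguy.example/web-o-trust.txt": "ip: 203.0.113.200\n",
}


def parse_wot(text):
    """Return (networks, [(include_url, depth)], {omit_urls}) for one WOT file."""
    ips, includes, omits = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, fields = key.strip().lower(), value.split()
        if not fields:
            continue
        if key == "ip":
            try:
                ips.append(ipaddress.ip_network(fields[0], strict=False))
            except ValueError:
                continue  # a malformed entry is skipped, never trusted
        elif key == "include":
            # Assumption: no trailing number means "no recursion limit".
            has_depth = len(fields) > 1 and fields[1].isdigit()
            includes.append((fields[0], int(fields[1]) if has_depth else math.inf))
        elif key == "omit":
            omits.add(fields[0])
    return ips, includes, omits


def collate(root_url, fetch):
    """Walk the web of trust from root_url; fetch(url) returns text or None."""
    omitted = set()
    while True:
        best = {}            # url -> largest remaining depth budget already used
        trusted, seen_omits = set(), set()
        queue = [(root_url, math.inf)]
        while queue:
            url, budget = queue.pop()
            # budget 1 = this file's IPs only, 2 = plus the files it includes, ...
            if url in omitted or budget < 1 or best.get(url, 0) >= budget:
                continue     # omitted, too deep, or already walked (loop guard)
            best[url] = budget
            text = fetch(url)
            if text is None:
                continue
            ips, includes, omits = parse_wot(text)
            trusted.update(ips)
            seen_omits |= omits
            for child, depth in includes:
                queue.append((child, min(depth, budget - 1)))
        if seen_omits <= omitted:
            return sorted(trusted, key=lambda n: (n.version, n.network_address, n.prefixlen))
        # Simplification: an omit stays in force once seen, even if the file
        # that declared it later drops out of the walk.
        omitted |= seen_omits


def wot_weight(sender_ip, networks, weight=-10):
    """Negative weight for listed senders, 0 otherwise (a credit, not a bypass)."""
    addr = ipaddress.ip_address(sender_ip)
    listed = any(addr.version == n.version and addr in n for n in networks)
    return weight if listed else 0


if __name__ == "__main__":
    for net in collate("http://me.example/web-o-trust.txt", SAMPLE_WEB.get):
        print(net)
```

With the sample data, changing the trailing 2 to 1 drops customer-a's address, and removing the number pulls in friend.example as well; badguy.example stays out in every case because the root file omits it.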
RE: [Declude.JunkMail] Web-o-Trust
After reading the WOT site and the posts here, I think the best use for this is a dynamic trusted whitelist.

For example I have my mail server and my gateway mail servers, my web servers that send out notices and our order-entry server that sends out emails. I would list all of these IPs in my WOT file.

Now that I have done that, if another mail admin trusts my WOT file and if I add or remove a server I just update my WOT file and they automatically trust the new server.

If I change providers and my IP block, I just update my WOT file. If the new block is in blacklists because it was previously held by a spammer, my mail would then have less of a chance of being deleted or held as spam.

Also if the class C gets blacklisted due to another subnet in the class C spamming, my mail would have a better chance of not being blocked.

It would also be advantageous for large providers to place their outbound mail sources in a WOT file or files based on how the servers are used. They could have a WOT file for subscribers' outbound delivery or confirmation notices.

Kevin Bilbee
Re: [Declude.JunkMail] Web-o-Trust
Scott,

I think the attempt is admirable, as it is with the RBL's and anyone else that contributes to the greater good, however I strongly believe that the approach is flawed. I've had similar discussions regarding shared blacklists and the same issue comes up over and over again...there needs to be some form of unautomated management and an enforceable standard for something like this to work.

I checked out the limited number of submissions to that list and found the following file for instance:

http://home.teleport.com/~amurph/web-o-trust.txt

This file lists blocks containing Comcast and Earthlink mail servers. It also includes the following list:

http://users.adelphia.net/~equalizer/web-o-trust.txt

This one contains addresses on Road Runner, Adelphia and three educational institutions, and this out of only the first 100 or so members.

What's to stop me or someone else from having an epiphany and using this as my pseudo-whitelist all of a sudden and including places like Cheetah Mail and Dart Mail? Some here consider that to be spam. It seems like this would present more trouble than problems fixed.

Sure, I don't need to trust this person, or who they trust, but I also don't want to have to spend the time figuring out if someone currently has a very poor understanding of whitelisting, or may at any time in the future have a brain fart and start including the IP addresses of ISP's where the users themselves, trustworthy or not, can be infected with viruses and haplessly become open relays. This in itself is the #1 problem in spam fighting currently. It's the folks that don't own their IP space that are the hardest to block, and these are the same guys that won't be discouraged by the Can Spam laws because they are already criminals. Such a network and registry if successful, also presents a large potential issue when compromised and targeted...the map to the network is there for spoiling.

I think that if a select group of very trusted administrators with a common set of rules wanted to use the functionality to share whitelist for selected bulk-mailers and blacklists for verified static spammers (with some form of re-review process for stale records), then this could be a useful tool, but I don't see anyone talking about such a thing.

Sorry to be so negative about the idea, but if it was all just this simple, we wouldn't have a spam problem in the first place. In the current suggested implementation, I just don't see the value as a whitelist of places that I'm pretty sure wouldn't have any problems to begin with.

Maybe it might be useful to have a conversation about alternative uses for such a program? I'm definitely interested in sharing some whitelists and blacklists based on the above stated criteria, but only if we could all agree on definitions, processes, and can be responsible.

The only individual IP's that I whitelist are yours and a couple of other users because of filtering discussions, and my own customers because it's real bad when you block internal E-mail, even though it is quite rare. My false positives are 95% or more legit bulk mail and legit personal mail that is sent from known compromised IP space, and the other 5% (at most) might be related to errors in custom filters being primarily responsible...but I try to fix those issues. I don't have any notable issues with small mail servers that are properly administrated and protected.

Matt
Re: [Declude.JunkMail] Web-o-Trust
> I think the attempt is admirable, as it is with the RBL's and anyone else that contributes to the greater good, however I strongly believe that the approach is flawed. I've had similar discussions regarding shared blacklists and the same issue comes up over and over again...there needs to be some form of unautomated management and an enforceable standard for something like this to work.
>
> I checked out the limited number of submissions to that list and found the following file for instance: http://home.teleport.com/~amurph/web-o-trust.txt This file lists blocks containing Comcast and Earthlink mail servers.

I'm guessing that they were added because they have troubles with spam filters, and aren't going to be sending out spam. Do you have a record of spam from those IPs? In this case, though, if you're unsure that you can trust them, you can use "omit: http://home.teleport.com/~amurph/web-o-trust.txt".

> It also includes the following list: http://users.adelphia.net/~equalizer/web-o-trust.txt This one contains addresses on Road Runner, Adelphia and three educational institutions, and this out of only the first 100 or so members.

But, why shouldn't those IPs be listed? It looks like they are being listed for a good reason.

> What's to stop me or someone else from having an epiphany and using this as my pseudo-whitelist all of a sudden and including places like Cheetah Mail and Dart Mail? Some here consider that to be spam.

In that case, you'll likely get limited. For example, we could put a 1 after your URL, so that people trusting us would only trust your IPs, not those of people that you trust (or if you put the actual IPs for Cheetah Mail and Dart Mail, we could remove your entry).

> It seems like this would present more trouble than problems fixed.

It could be. But only time will tell how it will really work out.

> Sure, I don't need to trust this person, or who they trust, but I also don't want to have to spend the time figuring out if someone currently has a very poor understanding of whitelisting, or may at any time in the future have a brain fart and start including the IP addresses of ISP's where the users themselves, trustworthy or not, can be infected with viruses and haplessly become open relays. This in itself is the #1 problem in spam fighting currently.

I think the goal here is for those people to be far enough down the ladder that limiting your trust would fix it.

> It's the folks that don't own their IP space that are the hardest to block, and these are the same guys that won't be discouraged by the Can Spam laws because they are already criminals. Such a network and registry if successful, also presents a large potential issue when compromised and targeted...the map to the network is there for spoiling.

True. But, it's going to be a major undertaking for little benefit. So they manage to get a few IPs in? They have to quickly send out spam before those IPs get removed. But even so, they don't know how many people are trusting them. Perhaps we can build something in where people don't get trusted until their WOT files have been active for X hours/days, allowing time for others with more time to omit them if needed. :)

> Sorry to be so negative about the idea, but if it was all just this simple, we wouldn't have a spam problem in the first place.

But, the idea hasn't been put through the paces yet. Another idea is that if it is limited so that you can only add your own IPs, it may be more useful (so that the clueless admin can't just add Cheetah Mail and Dart Mail).

> In the current suggested implementation, I just don't see the value as a whitelist of places that I'm pretty sure wouldn't have any problems to begin with.

Like us? We don't have anything that I consider a problem -- no spam has ever been sent from our mailserver, and there isn't any indication that there will be. But quite a few of Len's followers have blocked us. And for a few hours when EASYNET-DYNA added us, there were some people blocking just on that. Those people would *really* benefit from WOT -- which then benefits anyone who uses WOT.

> Maybe it might be useful to have a conversation about alternative uses for such a program? I'm definitely interested in sharing some whitelists and blacklists based on the above stated criteria, but only if we could all agree on definitions, processes, and can be responsible.

That's not an alternate use -- that's an intended use. :) There is nothing saying that everybody should be included in WOT, or that you should trust someone like us. If that works for you, great. If not, it's quite possible to start a WOT specific to certain uses. I hadn't even thought of blacklists, but that would work too (just so long as they were handled carefully, so that whitelists and blacklists didn't accidentally include each other!).

-Scott
RE: [Declude.JunkMail] Web-o-Trust
I think ultimately it would be good to rank by trust, e.g., with hundreds of thousands of entries, there will be some that MANY will trust, others will never be trusted - and everything in between. If this could be translated into a weighted list - then it would self-correct any odd-balls and benefit from the community wisdom on who deserves to be white-listed.

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
Re: [Declude.JunkMail] Web-o-Trust
Well let's try to have a discussion about sharing lists, if anyone is in fact interested. It takes a lot of effort to identify IP blocks for white, gray and black lists. I've seen some people include whole class C's without seemingly verifying that they were all under the control of one party. It seems that the SBL type spammer is now using only partial blocks and in researching that Pexicom spammer, I found blocks that were definitely shared with other companies (which is a shame). I've considered creating a tool for automating the maintenance of my own blacklists. In part, it would allow me to submit IP's that I considered spam to a database where they would be time stamped. I would also look at blocked messages and build some intelligence that would qualify blocks as some RBL's do, this way I wouldn't take additional action on just one IP because it might be a false positive, but two, three, four, etc., IP's from the same block is a sign of a static spammer, and time stamps could be used to verify continued activity so that they could be automatically expired after some point. The gathering of this automated information could be done fairly easily with IMail's program alias with a ROUTETO or COPYTO action instead of using DELETE or HOLD. If I could write this information to IMail's access control file, all the better, but then of course I would also have to process IMail's SMTP logs for activity, but at least this could be used with SKIPIFWEIGHT to save on processing with Declude. As far as whitelisting trusted bulk mailers goes, this would be process intensive and best done if shared. If a group of people could agree on a definition of spam and make nominations and then do the work of identifying the IP's (which is more useful than reverse DNS since unique domains are being registered for such uses), then this would be a virtually spoof-proof way of allowing such traffic on your server. 
You could also differentiate between what is purely white, such as Ebay notifications and what is gray such as commercial ad related content sent to members, then you could build two lists simultaneously and allow administrators to block the gray stuff per domain with an action for the test in which it is defined. When it comes to whitelisting ISP mail servers, I don't believe we have the necessary tools to make the most out of this. Spam does get sent through these mail servers, but they also are very problematic when it comes to being blocked by RBL's. It would be great if a list could be generated of ISP mail server IP's which could then be used by Declude to turn off the RBL's but still take action on technical filters and custom filters. It wouldn't take a very large group to come up with something that would cover 80% or more of ISP mail server traffic. I'm not sure that Web-o-Trust allows for the flexibility to be defined in so many different ways, nor do I believe that such a process is necessary. This could be set up as an automated download from a network of servers maintained from a private master database where each public server advertises peers in the network (making it DOS-proof). The programming is also quite simple. The hard part is choosing people to do this work who can agree and be responsible. I only mention this because of the current discussion. I can't fathom having any time to explore this idea in reality until February at the earliest, but I definitely see myself doing at least part of it as a way to reduce the administration of my system. Any thoughts? Matt R. Scott Perry wrote: I think the attempt is admirable, as it is with the RBL's and anyone else that contributes to the greater good, however I strongly believe that the approach is flawed. 
I've had similar discussions regarding shared blacklists and the same issue comes up over and over again...there needs to be some form of unautomated management and an enforceable standard for something like this to work. I checked out the limited number of submissions to that list and found the following file for instance: http://home.teleport.com/~amurph/web-o-trust.txt This file lists blocks containing Comcast and Earthlink mail servers. I'm guessing that they were added because they have troubles with spam filters, and aren't going to be sending out spam. Do you have a record of spam from those IPs? In this case, though, if you're unsure that you can trust them, you can use omit: http://home.teleport.com/~amurph/web-o-trust.txt;. It also includes the following list: http://users.adelphia.net/~equalizer/web-o-trust.txt This one contains addresses on Road Runner, Adelphia and three educational institutions, and this out of only the first 100 or so members. But, why shouldn't those IPs be listed? It looks like they are being listed for a good reason. What's to stop me or someone else from having an epiphany and using this as my pseudo-whitelist
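The blacklist-maintenance idea Matt describes above (time-stamped submissions, action only once several IPs from one block have been seen, automatic expiry), sketched as an added example that is not code from the thread. The /24 grouping, the two-address threshold, the 30-day expiry and the sample reports are all assumptions.

```python
import ipaddress
from datetime import datetime, timedelta


class BlockTracker:
    """Time-stamped spam-source reports grouped by enclosing block.

    The /24 grouping, the two-address threshold and the 30-day expiry are
    assumptions for this example, not values from the thread.
    """

    def __init__(self, prefix=24, min_ips=2, ttl=timedelta(days=30)):
        self.prefix, self.min_ips, self.ttl = prefix, min_ips, ttl
        self.seen = {}  # network -> {address: time of most recent report}

    def report(self, ip, when):
        """Record one spam report; repeats only refresh the timestamp."""
        addr = ipaddress.ip_address(ip)
        net = ipaddress.ip_network(f"{addr}/{self.prefix}", strict=False)
        stamps = self.seen.setdefault(net, {})
        stamps[addr] = max(when, stamps.get(addr, when))

    def expire(self, now):
        """Drop addresses with no report inside the ttl, then empty blocks."""
        for net in list(self.seen):
            fresh = {a: t for a, t in self.seen[net].items()
                     if now - t <= self.ttl}
            if fresh:
                self.seen[net] = fresh
            else:
                del self.seen[net]

    def listed_blocks(self, now):
        """Blocks with enough distinct, still-active addresses to act on."""
        self.expire(now)
        return sorted(net for net, stamps in self.seen.items()
                      if len(stamps) >= self.min_ips)


def demo():
    """Constructed reports: two addresses in one /24, one repeated elsewhere."""
    t0 = datetime(2003, 12, 10)
    tracker = BlockTracker()
    tracker.report("198.51.100.7", t0)
    tracker.report("198.51.100.9", t0 + timedelta(days=1))
    tracker.report("203.0.113.4", t0 + timedelta(days=2))
    tracker.report("203.0.113.4", t0 + timedelta(days=3))  # same address again
    early = tracker.listed_blocks(t0 + timedelta(days=3))
    late = tracker.listed_blocks(t0 + timedelta(days=32))
    return [str(n) for n in early], [str(n) for n in late], tracker
```

A single address reported repeatedly never lists its block, which is the false-positive guard the message asks for; the prefix is a parameter because, as the message notes, a whole class C is not always under one party's control.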
Re: [Declude.JunkMail] Web-o-Trust
At 06:27 PM 12/10/2003, you wrote: I'm with Todd here. I see very little value here. I don't have a problem with blocking E-mail from snip I'm not against the idea of having some form of a registry, however the root of the problem is in differentiating among the gray stuff and not among the non-automated stuff. I find value in things like BONDEDSENDER, though to some purists, they view this as legitimizing large commercial spammers because their definition of spam differs from mine. Heck, Kami and I can't even agree on what spam is when it comes to this gray area stuff, and although I trust Kami's opinion on what he considers to be trusted senders, I wouldn't automatically trust his customers, or some list over which he is only in part involved in maintaining. * See my PS for a description of how this objection might be mitigated. snip If someone can show me the value of crediting points to hosts which account for almost none of my mail volume, over which I have no familiarity with their rules and procedures, and for which I am not aware of any substantial problems, I will definitely reconsider my stance. WOT turns out to be very similar to the COT (Circle Of Trust) features we are going to build into Message Sniffer. Since WOT seems to be getting some attention we've decided to push forward some of that development toward building utilities that are compatible with WOT, and specifically that automate some of the admin process. The COT systems we have planned will allow like-minded peers to share policy decisions and ratings for email sources. Our COT mechanisms will provide for a colorful gradation... but the first mechanisms to be implemented will establish the black and white edges of the spectrum. In the simplest terms, the black edge is where email sources only produce spam and/or malware and the white edge is where sources never produce these. WOT offers an early opportunity to define the white edge, so we're anxious to begin supporting it. 
As you point out, the white edge is somewhat fuzzy depending upon your definition of spam, but this can be mitigated through some fairly simple math - and in the end the extreme white will generally be agreed between systems as much as the extreme black is often common ground. The benefit of having a reference to the white edge is primarily the elimination of false positives from previously unknown sources and transient filtering errors. The value of this scheme is particularly enhanced if your definition of the white edge is derived from like-minded peers and in particular systems that are your common neighbors and their neighbors. (if you're likely to have common contacts) If the generation of white edge information can be automated (and we think it can) then this frees your system to be more aggressive in defining what is black since the probability of false positives is reduced. (sorry if any of this is fuzzy... it is sometimes difficult to explain the real leverage that can be attained through network effects.) To summarize, if the generation of your WOT can be automated based on the messages that you receive which are extremely white then the benefit of sharing that information with other systems is that you can gain access to their information. Everyone in the group can then be more aggressive with their filtering. --- I don't want to put too much emphasis on this, in particular because there are problems with defining a source strictly from the IP address, but you might also think of the problem in the following way: Through the use of virii and other means spammers have potential access to the vast majority of the IP space for sending their content. Comparatively there are very few points in the IP space that are legitimate sources for email - that is, sources which are at least email servers as opposed to randomly compromised equipment. There is every indication that these conditions will continue to get worse. 
(early in the game it made more sense to list the bad guys than the good guys, now the numbers say those conditions have reversed) Strictly from a data processing perspective, it is clearly more economical to map the acceptable sources for email than it is to map the unacceptable sources. From the perspective of automated, decentralized trust based systems, networks of trusted peers is a powerful mechanism - whether automated or not. Personally I think it is VITAL (sorry for the caps but I mean it) that these kinds of control systems remain completely open and decentralized in order to avoid the potential for catastrophic failure and abuse that is associated with any centralized mechanisms. WOT isn't perfect, but it is a great place to start and it's here right now. The value of WOT will increase radically as it is more widely adopted - this is true of any system that leverages network effects. I'm sure that if WOT really takes off it will be extended naturally to
RE: [Declude.JunkMail] Web-o-Trust
I think ultimately it would be good to rank by trust, e.g., with hundreds of thousands of entries, there will be some that MANY will trust, others will never be trusted - and everything in-between. If this could be translated into a weighted list - then it would self-correct any odd-balls and benefit from the community wisdom on who deserves to be white-listed. FWIW, the program we are developing to wade through a WOT file keeps track of how many WOT files reference the IP directly, and how many reference the IP's WOT file. So for example, our mailserver's IP gets 1 for the number of direct references (which is appropriate, since only our WOT file really should contain it, as there isn't need for it to be listed elsewhere). That by itself doesn't help much -- but when you factor in that our WOT file is referenced by 21 other WOT files, weighting could be used. Perhaps a subtract X points for E-mail from IPs listed in WOT, where X is the total number of direct references plus the total number of references to the WOT the IP is in formula would work well in Declude JunkMail. -Scott
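The weighting formula proposed in the message above, worked through as an added example; this is not Declude's program or the WOT project's collate. The `ip:` and `omit:` keys appear in the thread, while the `url:` key for referencing another WOT file, the sample files, and the choices to sum file references over every file that lists an entry and to take the largest X when several entries match a sender are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed WOT files keyed by URL (placeholder hosts, documentation IPs).
# "ip:" and "omit:" appear in the thread; "url:" as the key that references
# another WOT file is an assumption made for this example.
SAMPLE_FILES = {
    "http://a.example/wot.txt": (          # the local (root) file
        "ip: 192.0.2.10\n"
        "url: http://b.example/wot.txt\n"
        "url: http://c.example/wot.txt\n"
        "omit: http://d.example/wot.txt\n"),
    "http://b.example/wot.txt": (
        "ip: 198.51.100.0/24\n"
        "url: http://c.example/wot.txt\n"
        "url: http://d.example/wot.txt\n"),
    "http://c.example/wot.txt": (
        "# Note: lists the same /24 as b\n"
        "ip: 203.0.113.5\n"
        "ip: 198.51.100.0/24\n"
        "url: http://a.example/wot.txt\n"),
    "http://d.example/wot.txt": "ip: 203.0.113.0/24\n",
}


def parse_wot(text):
    """Parse one WOT file into its ip networks, url references and omits."""
    out = {"ip": [], "url": [], "omit": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "ip":
            try:
                out["ip"].append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                continue  # malformed entry: skip it rather than trust it
        elif key in ("url", "omit"):
            out[key].append(value.rstrip(";"))
    return out


def crawl(root_url, files):
    """Follow url: references from the root file, honouring its omit: lines."""
    omitted = set(parse_wot(files[root_url])["omit"])
    parsed, queue = {}, [root_url]
    while queue:
        url = queue.pop(0)
        if url in parsed or url in omitted or url not in files:
            continue  # already visited (cycles are normal), omitted, or missing
        parsed[url] = parse_wot(files[url])
        queue.extend(parsed[url]["url"])
    return parsed


def wot_weights(parsed):
    """X per ip entry: direct listings plus references to the files listing it."""
    direct = defaultdict(set)      # network -> files that list it
    file_refs = defaultdict(set)   # file URL -> other files that reference it
    for url, entry in parsed.items():
        for net in entry["ip"]:
            direct[net].add(url)
        for target in entry["url"]:
            if target != url and target in parsed:
                file_refs[target].add(url)
    return {net: len(urls) + sum(len(file_refs[u]) for u in urls)
            for net, urls in direct.items()}


def score_adjustment(sender_ip, weights):
    """Points to subtract for a sender: the largest X of any matching entry."""
    addr = ipaddress.ip_address(sender_ip)
    return max((x for net, x in weights.items() if addr in net), default=0)
```

With the sample data, the /24 listed by two files scores 5, while an address covered only by the omitted file scores 0 because that file is never fetched.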
RE: [Declude.JunkMail] Web-o-Trust
Hi Pete: Very informative. As much as I like and will support the concept, I couldn't help but cringe that someone comes up with a new web-based system - and then defines their proprietary formatting for their config file instead of trying to reuse existing standards, e.g., adopting XML as a format. Instead of various folks writing custom-parsers and generators, one could benefit from the existing XML technology and its ability to self document, and concentrate on processing the content. Foreseeably, someone could even write a web application and run it as their web-o-trust URL that dynamically creates a live snapshot of trust based on current events on the mail server. Again, existing technology would favor an XML format. Very sad, indeed. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, December 10, 2003 09:16 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Web-o-Trust At 06:27 PM 12/10/2003, you wrote: I'm with Todd here. I see very little value here. I don't have a problem with blocking E-mail from snip I'm not against the idea of having some form of a registry, however the root of the problem is in differentiating among the gray stuff and not among the non-automated stuff. I find value in things like BONDEDSENDER, though to some purists, they view this as legitimizing large commercial spammers because their definition of spam differs from mine. Heck, Kami and I can't even agree on what spam is when it comes to this gray area stuff, and although I trust Kami's opinion on what he considers to be trusted senders, I wouldn't automatically trust his customers, or some list over which he is only in part involved in maintaining. * See my PS for a description of how this objection might be mitigated. 
snip If someone can show me the value of crediting points to hosts which account for almost none of my mail volume, over which I have no familiarity with their rules and procedures, and for which I am not aware of any substantial problems, I will definitely reconsider my stance. WOT turns out to be very similar to the COT (Circle Of Trust) features we are going to build into Message Sniffer. Since WOT seems to be getting some attention we've decided to push forward some of that development toward building utilities that are compatible with WOT, and specifically that automate some of the admin process. The COT systems we have planned will allow like-minded peers to share policy decisions and ratings for email sources. Our COT mechanisms will provide for a colorful gradation... but the first mechanisms to be implemented will establish the black and white edges of the spectrum. In the simplest terms, the black edge is where email sources only produce spam and/or malware and the white edge is where sources never produce these. WOT offers an early opportunity to define the white edge, so we're anxious to begin supporting it. As you point out, the white edge is somewhat fuzzy depending upon your definition of spam, but this can be mitigated through some fairly simple math - and in the end the extreme white will generally be agreed between systems as much as the extreme black is often common ground. The benefit of having a reference to the white edge is primarily the elimination of false positives from previously unknown sources and transient filtering errors. The value of this scheme is particularly enhanced if your definition of the white edge is derived from like-minded peers and in particular systems that are your common neighbors and their neighbors. 
(if you're likely to have common contacts) If the generation of white edge information can be automated (and we think it can) then this frees your system to be more aggressive in defining what is black since the probability of false positives is reduced. (sorry if any of this is fuzzy... it is sometimes difficult to explain the real leverage that can be attained through network effects.) To summarize, if the generation of your WOT can be automated based on the messages that you receive which are extremely white then the benefit of sharing that information with other systems is that you can gain access to their information. Everyone in the group can then be more aggressive with their filtering. --- I don't want to put too much emphasis on this, in particular because there are problems with defining a source strictly from the IP address, but you might also think of the problem in the following way: Through the use of virii and other means spammers have potential access to the vast majority of the IP space for sending their content. Comparatively there are very few points in the IP space that are legitimate sources for email - that is, sources which are at least email servers as opposed to randomly
RE: [Declude.JunkMail] Web-o-Trust
As much as I like and will support the concept, I couldn't help but cringe that someone comes up with a new web-based system - and then defines their proprietary formatting for their config file instead of trying to reuse existing standards, e.g., adopting XML as a format. In general, though, XML and other such tools are used for applications (such as supply chain management), whereas lower level (less complex) tools such as standard text files served by HTML are used for Internet protocols. Needless to say, had Web-o-Trust used XML, it's unlikely that Declude JunkMail would have supported it quickly, and it's unlikely that we would have added our own WOT (which would have hurt our customers). Since the concept is quite simple, and doesn't require any special tools, we can add support for it quite easily. Very sad, indeed. Is it though? There isn't much need for parsing tools. The developers of WOT have collate (which unfortunately uses Python), and we're coming up with a Windows .exe to do the same thing. But if Joe Developer wants to add WOT support to their anti-spam software, they don't need to deal with the details. So we're not talking about dozens or hundreds of applications that are interfacing to WOT (as opposed to DNS-based spam databases, where there are probably hundreds of such applications). Sure, there will be some that duplicate collate (such as ours), and probably some that do something else that is neat. But not enough that I think XML would be necessary. -Scott
RE: [Declude.JunkMail] Web-o-Trust
At 09:33 PM 12/10/2003, you wrote: Hi Pete: Very informative. As much as I like and will support the concept, I couldn't help but cringe that someone comes up with a new web-based system - and then defines their proprietary formatting for their config file instead of trying to reuse existing standards, e.g., adopting XML as a format. I appreciate your thoughts. I've spent some time on this with ASRG,... see: http://www.sortmonster.com/ASRG/index.html What this effort and some practical experience has taught me is that XML tends to have a bit more overhead than is truly needed for some problems. It's an odd reality, but it turns out that XML may be too good to enable the first implementation of something like WOT, or even CPDL. Implementing WOT as written is blindingly simple... and this is precisely because it leaves a lot of obvious problems unsolved... XML would solve many of those problems, but it would carry with it an implied requirement for lots of complexity and overhead. I discovered precisely the same conflict when working on CPDL at the point where I began to define import and export rules. It turns out that in practice the characteristics of the required import/export model don't fit the inherent XML tools efficiently - in particular where in CPDL one defines the occasionally complex relationships required to define those transactions... In truth, it could certainly be done, but the solution would be far more complex than if the model for import/export were defined as a simple XML object that stays within the paradigm of the task. So, I started down that road - and I was quickly faced with the inherent conflict. If the import/export functions are handled in the application space by defining models in XML, then that import/export mechanism is redundant in some ways. The XML purists then insist that the correct way to handle the import/export mechanisms is by leveraging XML standards... 
There are good reasons for this, and having two ways to essentially include another file is not only redundant but also leads to ambiguity and complexity... So, having lost the debate we decide to stay with pure XML... but... If we head down that road we end up with a solution that is correct for XML, but wrong for the application... Further, the engine implementing the application must now faithfully implement all of the XML standard(s) in order not to cause problems down the road when some enterprising XML specialist attempts to take advantage of capabilities that are implied to be present. End result: Do it with XML and the cost of the project far exceeds its immediate viability. Do it with some simple alternate standard and the cost/benefit ratio of the project becomes vanishingly small - at least up front. I've run into a similar paradox recently with new Message Sniffer features. Clearly it is time to implement a configuration file since current and future upgrades will require some complex parameter sets. Clearly the best solution to coding that configuration file is via XML (for many reasons). However, in attempting to code such a thing I quickly discover that the cost of the XML solution far outstrips the available budget(s) and would delay deployment unreasonably... Oh I hate it, but the only practical solution for the immediate term is to create a simple, straightforward configuration file and then suffer the support issues involved in converting to a more comprehensive XML based solution later when budgets permit. Having faced so many of these cases in recent days I find I cringe less often when I see things like WOT show up. In practice, something like WOT that is so simple is far more likely to succeed in these early times. Packaged as it is, WOT is a virtually no-cost potentially high-benefit solution... 
You and I know that as it grows it will run into real problems and limitations that would never arise if only it were done with XML at the start... and perhaps when these limitations become important (or even before) someone will convert the project or present a working alternative. Perhaps, like a Windows desktop that must be rebooted 3 times a day as a matter of course, it will always be good enough just like it is. (Sorry M$ fans, I just had to take the shot - it was too obvious ;-) Nonetheless, if we saddle WOT with the burden of XML compliance right now, then we can virtually certify its death on the vine... I forget where (maybe MIT or CMU), but I recently read a research paper that describes precisely this dynamic at work. It was titled something like: The wrong solution always wins. I'm not sure of the title - I'm paraphrasing... but I remember that coming across the thing really made my blood curdle. Then as I read it and did the math my life flashed before me - every battle I'd ever fought to build the perfect product only to have it shelved before deployment, any project I ever worked on that was canceled before it