RE: [Declude.JunkMail] Web-O-Trust or ?

[Kami Razvan]

Have you checked the filter file to see what IP range matched? 

The IP entry is: 207.217.120.0/24

In the list of participants, the 5th entry in the list of participants.

-
http://www.web-o-trust.org/browse.cgi?url=http://web-o-trust.org/everybody.t
xt

 I found it here: 

- http://home.teleport.com/~amurph/web-o-trust.txt

Regards,
Kami

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-O-Trust or ?

[R. Scott Perry]

Have you checked the filter file to see what IP range matched? 

The IP entry is: 207.217.120.0/24

In the list of participants, the 5th entry in the list of participants.

-
http://www.web-o-trust.org/browse.cgi?url=http://web-o-trust.org/everybody.t
xt
 I found it here:

- http://home.teleport.com/~amurph/web-o-trust.txt
In this case, the first thing to do is send an E-mail to their contact 
address.  If they cannot provide a reasonable explanation of how the spam 
got through, you can use an omit: line (and suggest that others do), to 
prevent any future spam from getting through from them.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-O-Trust or ?

[Kami Razvan]

Scott:

This guy is out of his mind... Look at his comments:

 version: http://web-o-trust.org/1.01.html
# http://www.web-o-trust.org/ - version: correction needed in the
example ;)
# Note: comments are under their respective ip:
# Note: IPv6 addresses may or may not be supported...remains to be seen
# Note: F-sharp
# Note: This file should stay here:
http://home.teleport.com/~amurph/web-o-trust.txt
# Note: This is my first-level trust.  I also have web-o-trust-2.txt; see
below.
# Note: These are, respectively, Earthlink, sccrmxc14.comcast.net,
rwcrmhc13.comcast.net, 
# Note: ...and one you can spot with rDNS.
ip: 207.217.120.0/24
ip: 204.127.202.0/24
ip: 204.127.198.0/24
ip: 67.89.105.244

Is this what I think it is.. He is listing the entire Earthlink.com?

Please visit this and see: http://home.teleport.com/~amurph/web-o-trust.txt

Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, December 26, 2003 9:08 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-O-Trust or ?


Have you checked the filter file to see what IP range matched? 

The IP entry is: 207.217.120.0/24

In the list of participants, the 5th entry in the list of participants.

-
http://www.web-o-trust.org/browse.cgi?url=http://web-o-trust.org/everyb
ody.t
xt

 I found it here:

- http://home.teleport.com/~amurph/web-o-trust.txt

In this case, the first thing to do is send an E-mail to their contact
address.  If they cannot provide a reasonable explanation of how the spam
got through, you can use an omit: line (and suggest that others do), to
prevent any future spam from getting through from them.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-O-Trust or ?

[R. Scott Perry]

This guy is out of his mind... Look at his comments:

# Note: These are, respectively, Earthlink, sccrmxc14.comcast.net,
rwcrmhc13.comcast.net,
ip: 207.217.120.0/24
Is this what I think it is.. He is listing the entire Earthlink.com?
This should be treated in the same way as if someone you trust (perhaps 
someone on this list) told you to whitelist that IP range.  You've seen 
spam come from it, so it definitely isn't a good IP range to 
whitelist.  Therefore, you should contact him to see why he is listing that 
Class C range, and make sure that he knows that spam is being sent from 
it.  If he comes up with a very good explanation, that's fine.  Otherwise, 
you can omit: him.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-O-Trust or ?

[Matthew Bramble]

Kami,

This guy also links to the following:

   http://users.adelphia.net/~equalizer/web-o-trust.txt

Which includes what appears to be all of Adelphia.

I'm not sure if people are paying attention, but I pointed both of these 
files out when the topic first came up.  Now the mistakes have managed 
to propagate through to a great deal of those here.

Matt



Kami Razvan wrote:

Scott:

This guy is out of his mind... Look at his comments:

version: http://web-o-trust.org/1.01.html
# http://www.web-o-trust.org/ - version: correction needed in the
example ;)
# Note: comments are under their respective ip:
# Note: IPv6 addresses may or may not be supported...remains to be seen
# Note: F-sharp
# Note: This file should stay here:
http://home.teleport.com/~amurph/web-o-trust.txt
# Note: This is my first-level trust.  I also have web-o-trust-2.txt; see
below.
# Note: These are, respectively, Earthlink, sccrmxc14.comcast.net,
rwcrmhc13.comcast.net, 
# Note: ...and one you can spot with rDNS.
ip: 207.217.120.0/24
ip: 204.127.202.0/24
ip: 204.127.198.0/24
ip: 67.89.105.244

Is this what I think it is.. He is listing the entire Earthlink.com?

Please visit this and see: http://home.teleport.com/~amurph/web-o-trust.txt

Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, December 26, 2003 9:08 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-O-Trust or ?
 

Have you checked the filter file to see what IP range matched? 

The IP entry is: 207.217.120.0/24

In the list of participants, the 5th entry in the list of participants.

-
http://www.web-o-trust.org/browse.cgi?url=http://web-o-trust.org/everyb
ody.t
xt
 I found it here:

- http://home.teleport.com/~amurph/web-o-trust.txt
   

In this case, the first thing to do is send an E-mail to their contact
address.  If they cannot provide a reasonable explanation of how the spam
got through, you can use an omit: line (and suggest that others do), to
prevent any future spam from getting through from them.
   -Scott
 



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Web-O-Trust or ?

[Kami Razvan]

Good 
morning...

I just noticed a 
caught spam that shows the Web-O-Trust filter being triggered. This is the 
filter that I think Bill posted after running the program on the 
site.

At the moment we 
have 0 weight on the filter since we are just testing it. But as it 
appears it is not all that trust worthy.. 

Regards,
Kami

===
From: "Thermal 
Aid" [EMAIL PROTECTED]Subject: 
[24~]Got the Flu? Relief as low as $19.95To: 
XContent-Type: multipart/alternative; 
boundary="=_NextPart_2rfkindysadvnqw3nerasdf"MIME-Version: 1.0Reply-To: 
[EMAIL PROTECTED]Date: 
Wed, 24 Dec 2003 13:13:20 -0600X-Mailer: Microsoft Outlook, Build 
10.0.2616Message-Id: [EMAIL PROTECTED]X-IMAIL-SPAM-DNSBL: 
(BLARS,14668,127.1.0.9)X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"X-RBL-Warning: IPNOTINMX: 
X-RBL-Warning: WEB-O-TRUST: X-RBL-Warning: 
FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test (line 17, weight 
5)X-RBL-Warning: FILTER-SPAM-HTML: Message failed FILTER-SPAM-HTML test 
(line 80, weight 10)X-RBL-Warning: FILTER-SUBJECT: Message failed 
FILTER-SUBJECT test (line 21, weight 2)X-RBL-Warning: 
FILTER-PRINTER-SUPPLIES: Message failed FILTER-PRINTER-SUPPLIES test (line 23, 
weight 20)X-Declude-Sender: [EMAIL PROTECTED] 
[207.217.120.41]X-Declude-Spoolname: 
De55308ad00d4c2a7.SMDX-Note: This E-mail was scanned  filtered by 
Declude [1.77i8] for SPAM  virus.X-Spam Score: 24 [Blocked on 
20+]X-Note: Sent from Reverse DNS: 
waxbill.mail.pas.earthlink.netX-Hello: 
waxbill.mail.pas.earthlink.netX-Spam-Tests-Failed: NOABUSE, IPNOTINMX, 
WEB-O-TRUST, FILTER-HEADER-XMAIL, FILTER-SPAM-HTML, FILTER-SUBJECT, 
FILTER-PRINTER-SUPPLIES, WEIGHT20s, WEIGHT20rX-Note: Recipient(s): 
XX-Country-Chain: UNITED 
STATES-destinationX-Declude-Date: 12/24/2003 19:13:20 [0]X-RCPT-TO: 
X

RE: [Declude.JunkMail] Web-O-Trust or ?

[John Tolmachoff \(Lists\)]

Hello Kami.





John Tolmachoff

Engineer/Consultant/Owner

eServices For You







-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Thursday,
 December 25, 2003 4:22 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Web-O-Trust
or ?





Good morning...











I just noticed a caught spam that shows the Web-O-Trust
filter being triggered. This is the filter that I think Bill posted after
running the program on the site.











At the moment we have 0 weight on the filter since we are
just testing it. But as it appears it is not all that trust worthy.. 











Regards,





Kami











===





From: Thermal Aid [EMAIL PROTECTED]
Subject: [24~]Got the Flu? Relief as low as $19.95
To: X
Content-Type: multipart/alternative;
boundary==_NextPart_2rfkindysadvnqw3nerasdf
MIME-Version: 1.0
Reply-To: [EMAIL PROTECTED]
Date: Wed, 24 Dec 2003 13:13:20 -0600
X-Mailer: Microsoft Outlook, Build 10.0.2616
Message-Id: [EMAIL PROTECTED]
X-IMAIL-SPAM-DNSBL: (BLARS,14668,127.1.0.9)
X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: IPNOTINMX: 
X-RBL-Warning:
WEB-O-TRUST: 
X-RBL-Warning: FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test
(line 17, weight 5)
X-RBL-Warning: FILTER-SPAM-HTML: Message failed FILTER-SPAM-HTML test (line 80,
weight 10)
X-RBL-Warning: FILTER-SUBJECT: Message failed FILTER-SUBJECT test (line 21,
weight 2)
X-RBL-Warning: FILTER-PRINTER-SUPPLIES: Message failed FILTER-PRINTER-SUPPLIES
test (line 23, weight 20)
X-Declude-Sender: [EMAIL PROTECTED]
[207.217.120.41]
X-Declude-Spoolname: De55308ad00d4c2a7.SMD
X-Note: This E-mail was scanned  filtered by Declude [1.77i8] for SPAM
 virus.
X-Spam Score: 24 [Blocked on 20+]
X-Note: Sent from Reverse DNS: waxbill.mail.pas.earthlink.net
X-Hello: waxbill.mail.pas.earthlink.net
X-Spam-Tests-Failed: NOABUSE, IPNOTINMX, WEB-O-TRUST, FILTER-HEADER-XMAIL,
FILTER-SPAM-HTML, FILTER-SUBJECT, FILTER-PRINTER-SUPPLIES, WEIGHT20s, WEIGHT20r
X-Note: Recipient(s): X
X-Country-Chain: UNITED STATES-destination
X-Declude-Date: 12/24/2003 19:13:20 [0]
X-RCPT-TO: X

Re: [Declude.JunkMail] Web-O-Trust or ?

[R. Scott Perry]

I just noticed a caught spam that shows the Web-O-Trust filter being 
triggered.  This is the filter that I think Bill posted after running the 
program on the site.
Have you checked the filter file to see what IP range matched?  The two 
things to look for are [1] the site that listed the IP (if there is a rogue 
site, we all need to know -- this is pretty quick for a spammer to get into 
it), and [2] a poor IP range (someone accidentally adding 192.0.2.0/8, 
confusing /24 and /8), which would whitelist too large an area.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-O-Trust or ?

[Matthew Bramble]

Merry Christmas everyone.

Any way...the problem was eluded to before, in fact the listings that 
caused this problem have always been there:

   http://www.mail-archive.com/[EMAIL PROTECTED]/msg13918.html

We shouldn't be trusting ISP mail servers.  If isolated instances like 
this aren't enough, consider that others such as swbell.net have been 
tagged as a multistage open relay, and it appears that this might be 
correct based on the following:

   http://groups.google.com/groups?scoring=dq=151.164.30.28+group:*abuse*

That server has been relaying spam since July of 2000, and the reports 
might be attributed to this server also handling forwarding.  I have to 
look at this further, but I want to go and play with my choo-choo train 
and Tickle Me Elmo that Santa brought me.  The presents that the 
spammers brought me won't be opened until tomorrow :)

Matt



R. Scott Perry wrote:


I just noticed a caught spam that shows the Web-O-Trust filter being 
triggered.  This is the filter that I think Bill posted after running 
the program on the site.


Have you checked the filter file to see what IP range matched?  The 
two things to look for are [1] the site that listed the IP (if there 
is a rogue site, we all need to know -- this is pretty quick for a 
spammer to get into it), and [2] a poor IP range (someone accidentally 
adding 192.0.2.0/8, confusing /24 and /8), which would whitelist too 
large an area.

   -Scott


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] web-o-trust python output

[Bill Landry]

I have not seen a single hit from the web-o-trust IP4R database, so I am
wondering if they have populated it with any other than the test IP address.

Anyway, if anybody is interested, here are the IP addresses that can be
gathered by running the python script (that can be downloaded from the
web-o-trust web site) against their own WOT file:

===
216.161.119.28/32
63.227.74.40/29
206.154.12.6
206.154.12.5
206.154.12.1
216.239.181.44
199.181.178.202
199.181.178.210
199.181.178.249
206.161.134.0/24
64.4.213.160/28
192.220.90.245
64.42.30.33
64.42.30.59
195.127.133.64/26
63.107.174.0/25
63.107.174.9
63.107.174.74
63.107.174.79
66.101.136.32
216.153.138.70
66.218.0.195
66.218.0.196
12.5.16.230
12.5.18.101
12.5.20.80
12.5.20.81
12.5.20.100
12.5.20.105
12.5.20.108
12.5.20.109
131.161.246.241
127.0.0.4
216.239.181.44
131.161.246.241
216.161.119.28/32
63.227.74.40/29
65.39.146.50
65.39.146.51
216.158.54.130
66.187.244.0/24
66.187.250.0/24
66.187.254.0/24
216.64.213.0/24
208.31.42.38
208.31.42.42
208.31.42.38
208.31.42.42
208.31.212.48
127.0.0.1
68.59.9.227
66.143.181.9
66.143.181.11
68.14.232.127
216.19.203.209
207.217.120.0/24
204.127.202.0/24
204.127.198.0/24
193.115.218.0/24
204.74.64.0/18
207.126.97.0/24
207.126.97.0/24
128.223.142.13
128.223.142.14
128.223.32.18
128.223.32.6
128.223.60.21
208.31.40.0/21
216.99.221.0/24
18.7.21.0/24
204.178.72.212
65.83.168.66
209.98.250.78
209.98.98.0/23
208.42.156.0/25
202.14.177.1
203.9.150.1
203.9.150.105
212.17.35.15
127.0.0.3
195.8.166.131
195.8.166.134
195.8.189.42
146.101.158.130
195.92.253.3
82.195.234.0/28
82.36.140.4
216.37.23.2
206.135.50.0/24
208.254.47.10
208.254.47.11
66.199.168.4
200.112.193.11
65.172.240.34
192.203.178.0/24
63.107.174.65
63.107.174.14
63.107.174.32
65.119.204.32
63.107.174.8
63.107.174.78
219.122.122.130
221.188.40.145
212.32.4.25
82.195.234.0/28
69.59.138.210
203.56.139.100
66.181.128.0/27
131.161.246.241
65.39.146.50
65.39.146.51
192.136.111.0/24
208.128.241.224/29
216.239.181.44
204.189.38.0/24
204.189.39.254
206.114.136.0/23
131.161.246.241
205.179.156.40
204.152.188.42
128.223.142.13
128.223.142.14
128.223.32.18
128.223.32.6
128.223.60.21
208.31.212.35
208.31.212.43
208.31.214.2
195.92.253.3
63.107.174.65
63.107.174.14
63.107.174.32
65.119.204.32
63.107.174.8
63.107.174.78
24.107.232.14
208.31.212.48
127.0.0.2
68.168.78.0/24
24.48.57.4
24.48.58.217
24.48.57.10
24.48.58.218
209.18.32.0/20
24.75.0.0/17
24.75.128.0/20
66.109.0.0/20
68.168.64.0/20
24.49.141.249
24.48.52.0/24
24.48.31.79
216.88.36.96
216.88.36.160/27
209.98.1.0/26
209.98.1.224/27
204.249.106.2
209.114.181.235
209.114.181.237
208.249.185.98
82.34.1.89
216.239.181.44
64.35.140.249
64.35.140.251
192.94.170.0/24
66.93.190.199
66.93.190.238
207.217.120.0/24
204.127.202.0/24
204.127.198.0/24
67.89.105.244
207.166.198.224/29
207.166.198.22
12.169.125.2
131.161.246.241
64.65.64.0/25
66.92.144.25
66.92.144.195
66.92.144.187
66.92.144.211
208.31.42.38
208.31.42.42
209.208.127.0/29
209.208.127.8/30
209.208.127.36
209.208.121.25
209.208.0.105
209.208.0.71
209.208.0.20
209.208.0.4
209.208.48.121
209.208.48.114
208.152.224.3
208.152.224.2
208.152.224.4
209.208.0.15
216.239.181.44
64.69.80.178
195.92.253.3
82.195.234.0/28
82.36.140.4
212.32.5.0/28
195.200.1.58
209.10.69.128/25
209.63.164.120
192.150.103.0/24
204.74.68.55
192.83.249.28
206.55.70.42
216.239.181.44
65.39.146.37
209.17.183.249
198.63.208.11
198.63.208.9
198.63.208.144
216.177.97.41
207.126.97.64
192.150.103.17
204.74.68.55
38.113.200.0/24
128.223.142.13
128.223.142.14
128.223.32.18
128.223.32.6
128.223.60.21
216.239.181.44
64.65.77.46/32
===

With these address you can create an ipfile like Scott illustrated in a
previous post to the list:

WOT  ipfile  D:\IMail\Declude\wotfile.txt  x  -10  x

Bill

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Markus Gufler]

 How do the names get added to the list (or web-o-trust)?
 
 By getting someone to trust them.
 
 For example, we're asking that our customers let us know that 
 they have set up a WOT file, and we add them to our WOT file, 
 which a lot of people already trust.

Hi Scott,

As an ISP we host several webspaces of our customers and have full control
of it.

It's possible (and considerable) to set up a script that creates
web-o-trust.txt files for all this customers on their own webspace and so
create our little trusted network?

Makes this any sense if all this customers send out messages over the same
MTA (and IP)?

Final question: If I've setup up this txt file. What else shoild I do? How
my declude know which other IP's are WOT-whitelisted?

Markus

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Andy Schmidt]

Markus:

The following line will give everyone with a web-o-trust a little negative
weight.

WEB-O-TRUST ip4rcabal.web-o-trust.org   *   -2
0

At present - it truly means everyone. They have already stated that
eventually they'll become selective on which Ips they add to their whitelist
RBL.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Thursday, December 11, 2003 05:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-o-Trust


Hi Scott,

As an ISP we host several webspaces of our customers and have full control
of it.

It's possible (and considerable) to set up a script that creates
web-o-trust.txt files for all this customers on their own webspace and so
create our little trusted network?

Makes this any sense if all this customers send out messages over the same
MTA (and IP)?

Final question: If I've setup up this txt file. What else shoild I do? How
my declude know which other IP's are WOT-whitelisted?

Markus

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[Bill Landry]

Andy, do they seem to be responding to your IP4R queries.  The site appears
to be down from my perspective.

Bill
- Original Message - 
From: Andy Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 2:11 PM
Subject: RE: [Declude.JunkMail] Web-o-Trust


Markus:

The following line will give everyone with a web-o-trust a little negative
weight.

WEB-O-TRUST ip4rcabal.web-o-trust.org * -2
0

At present - it truly means everyone. They have already stated that
eventually they'll become selective on which Ips they add to their whitelist
RBL.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Thursday, December 11, 2003 05:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-o-Trust


Hi Scott,

As an ISP we host several webspaces of our customers and have full control
of it.

It's possible (and considerable) to set up a script that creates
web-o-trust.txt files for all this customers on their own webspace and so
create our little trusted network?

Makes this any sense if all this customers send out messages over the same
MTA (and IP)?

Final question: If I've setup up this txt file. What else shoild I do? How
my declude know which other IP's are WOT-whitelisted?

Markus

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

Andy, do they seem to be responding to your IP4R queries.  The site appears
to be down from my perspective.
http://www.dnsstuff.com/tools/lookup.ch?name=2.0.0.127.cabal.web-o-trust.orgtype=A 
shows that it is working.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[Bill Landry]

Yep, it does appear to be back up now.  However, for about an hour after I
implemented the test, my bind logs showed that the server was not
responding.

Bill
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 5:59 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust



 Andy, do they seem to be responding to your IP4R queries.  The site
appears
 to be down from my perspective.


http://www.dnsstuff.com/tools/lookup.ch?name=2.0.0.127.cabal.web-o-trust.orgtype=A
 shows that it is working.

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
 Declude Virus: Catches known viruses and is the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask about our free 30-day evaluation.

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[Bill Landry]

Wow, certainly not a very stable server:

=
How I am searching:
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
d.root-servers.net:  Got referral to TLD2.ULTRADNS.NET. [took 45 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
TLD2.ULTRADNS.NET.:  Got referral to angel.heaven.net. [took 43 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
angel.heaven.net.:  Got referral to a.ns.cabal.web-o-trust.org. [took 98 ms]
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
a.ns.cabal.web-o-trust.org.:  Timed out.  Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
a.ns.cabal.web-o-trust.org.:  Timed out.  Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
a.ns.cabal.web-o-trust.org.:  Timed out.  Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
a.ns.cabal.web-o-trust.org.:  Timed out.  Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
a.ns.cabal.web-o-trust.org.:  Timed out.  Trying again.
Searching for A record for 2.0.0.127.cabal.web-o-trust.org at
a.ns.cabal.web-o-trust.org.:  Timed out.  Trying again.
=

Don't think I will be running this test right away, at least not until they
can keep their name servers up and responding.

Bill

- Original Message - 
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 6:12 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust


 Yep, it does appear to be back up now.  However, for about an hour after I
 implemented the test, my bind logs showed that the server was not
 responding.

 Bill
 - Original Message - 
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, December 11, 2003 5:59 PM
 Subject: Re: [Declude.JunkMail] Web-o-Trust


 
  Andy, do they seem to be responding to your IP4R queries.  The site
 appears
  to be down from my perspective.
 
 

http://www.dnsstuff.com/tools/lookup.ch?name=2.0.0.127.cabal.web-o-trust.orgtype=A
  shows that it is working.
 
  -Scott
  ---
  Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
  Declude Virus: Catches known viruses and is the leader in mailserver
  vulnerability detection.
  Find out what you've been missing: Ask about our free 30-day evaluation.
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

We've recently learned about Web-o-Trust (WOT), which is a whitelisting 
system that has a lot of potential.  Specifically, you whitelist your own 
IPs, and then link to others that you want whitelisted.

For example, we've created a file at http://www.declude.com/web-o-trust.txt 
that lists the IP of our mailserver.  It lists the IP address of our 
mailserver.  It also has a link to another WOT file, which links us in to 
many other WOT files.

Then, as customers of ours create their own WOT files, we'll add them to 
ours.  So anyone using our WOT file (anyone that trusts us) will end up 
whitelisting all your E-mails -- as well as those that you trust.  There 
are limits that can be put into place as far as how deep this will go.

So, my request is that people go to http://www.web-o-trust.org and set up 
your own WOT file, and then let me know the URL of your WOT file 
(preferably off-list, to reduce traffic to this list).  I'll add you to our 
WOT file, which is being used by many/most other people using Web-o-Trust, 
so your E-mail will start getting whitelisted at other mailservers.

They also have a collate program that will let you automatically create 
files which should be compatible with the Declude JunkMail IP blacklists, 
allowing you to give a negative weight to anyone whose IP is in one of the 
WOT files.  If it looks like WOT could take off, we'll look at adding 
native support for it into Declude JunkMail.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

So, my request is that people go to http://www.web-o-trust.org and set up 
your own WOT file, and then let me know the URL of your WOT file 
(preferably off-list, to reduce traffic to this list).  I'll add you to 
our WOT file, which is being used by many/most other people using 
Web-o-Trust, so your E-mail will start getting whitelisted at other 
mailservers.
Although the details at http://www.web-o-trust.org (and 
http://www.web-o-trust.org/1.01.html which describes the WOT file format), 
for those that have precious little time, here is what you can do:

[1] Create a file web-o-trust.txt

[2] Add the following lines to it:

version: http://web-o-trust.org/1.01.html
ip: 192.0.2.25
ip: 192.0.2.0/24
include: http://www.declude.com/web-o-trust.txt
contact: mailto:[EMAIL PROTECTED]
keepfor: 86400
[3] All you need to change is the contact (to an E-mail address of yours; 
you may want to use a tagged E-mail address, such as 
[EMAIL PROTECTED], as the address may get harvested) or omit it, then 
add any IP ranges of yours that you want to include (with lines such as 
ip: 192.0.2.25 or ip: 192.0.2.0/24).  That will get you a basic 
implementation, that will have you set up to whitelist anyone that we trust.

[4] Publish it on your web site, preferably as 
http://www.example.com/web-o-trust.txt (but it can be in a different 
location if needed).

[5] Let me know, so that I can add you to our WOT file, so that anyone who 
trusts us will trust you.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

Scott, I looked into this several months ago, but at the time it did not
seem to be getting much interest, and still doesn't appear to have much of a
following (maybe 100 participants so far on their list).
That's correct.  But about half of them joined within the past few 
days.  When I first heard of it, I didn't think much of it -- but now, 
there are a number of organizations using it (including one that previously 
would refuse our mail), and it's starting to reach critical mass.  There 
are also a number of people in the anti-spam community that are actively 
pursuing WOT.

However, I am willing to give it a go.  Question, how do we use this with 
Declude JunkMail
in its current form?
They also have a collate program that will let you automatically create 
files which should be compatible with the Declude JunkMail IP blacklists, 
allowing you to give a negative weight to anyone whose IP is in one of the 
WOT files.  If it looks like WOT could take off, we'll look at adding 
native support for it into Declude JunkMail.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

Scott, I looked into this several months ago, but at the time it did not
seem to be getting much interest, and still doesn't appear to have much of a
following (maybe 100 participants so far on their list).  However, I am
willing to give it a go.  Question, how do we use this with Declude JunkMail
in its current form?
Something else that is worth mentioning here is that there are a number of 
IPs that will almost never send spam, but will be likely to get caught as 
spam.  For example, purchase confirmations from eBay, amazon, etc. have a 
higher likelihood of getting caught than normal E-mail -- but their IPs 
just don't send out spam.  All it takes is one person adding those IPs, and 
without any work on the part of everyone else, they will be able to get 
mail from those IPs without a problem.

FWIW, we are working on a Windows program to automatically crawl through 
WOT files and generate sorted IP blacklist files (along with comments 
showing where the IP came from), without having to figure out how to run 
Python that the collate program is written in.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[andyb]

I think WOT could be very worth while for the 10-15 minutes it takes to
setup.

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 4:32 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust



 Scott, I looked into this several months ago, but at the time it did not
 seem to be getting much interest, and still doesn't appear to have much
of a
 following (maybe 100 participants so far on their list).  However, I am
 willing to give it a go.  Question, how do we use this with Declude
JunkMail
 in its current form?

 Something else that is worth mentioning here is that there are a number of
 IPs that will almost never send spam, but will be likely to get caught as
 spam.  For example, purchase confirmations from eBay, amazon, etc. have a
 higher likelihood of getting caught than normal E-mail -- but their IPs
 just don't send out spam.  All it takes is one person adding those IPs,
and
 without any work on the part of everyone else, they will be able to get
 mail from those IPs without a problem.

 FWIW, we are working on a Windows program to automatically crawl through
 WOT files and generate sorted IP blacklist files (along with comments
 showing where the IP came from), without having to figure out how to run
 Python that the collate program is written in.

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
 Declude Virus: Catches known viruses and is the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask about our free 30-day evaluation.

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Andy Schmidt]

Do you get titles, such as flight-attendant, engineer, pilot etc? G

(Adding a fringe benefit like this usually improves participation.)

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Todd Holt]

Pardon my jumping in this discussion late:

How do the names get added to the list (or web-o-trust)?
It appears that companies say, I'm not a spammer, trust me!  What
keeps the spammers of the list?
The distributed nature of the management is what keeps the time
commitment down, but at the same time minimizes the effectiveness.

What am I missing here?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of andyb
 Sent: Wednesday, December 10, 2003 2:36 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Web-o-Trust
 
 I think WOT could be very worth while for the 10-15 minutes it takes
to
 setup.
 
 - Original Message -
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, December 10, 2003 4:32 PM
 Subject: Re: [Declude.JunkMail] Web-o-Trust
 
 
 
  Scott, I looked into this several months ago, but at the time it
did
 not
  seem to be getting much interest, and still doesn't appear to have
much
 of a
  following (maybe 100 participants so far on their list).  However,
I am
  willing to give it a go.  Question, how do we use this with Declude
 JunkMail
  in its current form?
 
  Something else that is worth mentioning here is that there are a
number
 of
  IPs that will almost never send spam, but will be likely to get
caught
 as
  spam.  For example, purchase confirmations from eBay, amazon, etc.
have
 a
  higher likelihood of getting caught than normal E-mail -- but their
IPs
  just don't send out spam.  All it takes is one person adding those
IPs,
 and
  without any work on the part of everyone else, they will be able to
get
  mail from those IPs without a problem.
 
  FWIW, we are working on a Windows program to automatically crawl
through
  WOT files and generate sorted IP blacklist files (along with
comments
  showing where the IP came from), without having to figure out how to
run
  Python that the collate program is written in.
 
  -Scott
  ---
  Declude JunkMail: The advanced anti-spam solution for IMail
mailservers.
  Declude Virus: Catches known viruses and is the leader in mailserver
  vulnerability detection.
  Find out what you've been missing: Ask about our free 30-day
evaluation.
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 
 
 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus
 (http://www.declude.com)]


---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

How do the names get added to the list (or web-o-trust)?
By getting someone to trust them.

For example, we're asking that our customers let us know that they have set 
up a WOT file, and we add them to our WOT file, which a lot of people 
already trust.

It appears that companies say, I'm not a spammer, trust me!  What
keeps the spammers of the list?
Several things.

First is the limitations -- for example, if you trust us (that the IPs we 
list and the WOT files that we list are all good), but have a feeling 
that one of our customers may somehow include a spammer's WOT file, you can 
use include http://www.declude.com/web-o-trust.txt 2, which will trust us 
(1) and our customers (2).  But it will not trust IPs that our customers trust.

Second is omit.  If we find that somehow a spammer gets a WOT file that 
our WOT file trusts, we can omit it (omit 
http://www.spammer_domain.com/web-o-trust.txt ).

But, it would be a real hassle for a spammer to do this -- they typically 
have lots of compromised servers that they would need to list, and would 
need to find someone to trust them.  Even if they find someone to trust 
them, they won't have any idea how many people are whitelisting them (since 
many people will use the limits).  Then, once they are caught, they will 
quickly be removed.

Of course, only time will tell how effective it really turns out to be.  I 
think it has a lot of promise.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Andy Schmidt]

From what I read so far, the idea is that you need someone ELSE (who
him/herself was trusted before) to trust you (e.g., Scott has offered to
trust his customers.)

Basically, you whitelist yourself and then decide who you want to trust.
The trust can be transitive and you can define how many nodes removed you
want to implicitly trust.  E.g., you can decide that you trust certain
companies and whoever they trust and whoever they trust - and then stop
there.

Unless one of those two-removed levels trusts a spammer, there would be no
problem if a different section of the web contained spammers who signed
themselves up.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Holt
Sent: Wednesday, December 10, 2003 05:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Web-o-Trust


Pardon my jumping in this discussion late:

How do the names get added to the list (or web-o-trust)?
It appears that companies say, I'm not a spammer, trust me!  What keeps
the spammers of the list? The distributed nature of the management is what
keeps the time commitment down, but at the same time minimizes the
effectiveness.

What am I missing here?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- 
 [EMAIL PROTECTED] On Behalf Of andyb
 Sent: Wednesday, December 10, 2003 2:36 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Web-o-Trust
 
 I think WOT could be very worth while for the 10-15 minutes it takes
to
 setup.
 
 - Original Message -
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, December 10, 2003 4:32 PM
 Subject: Re: [Declude.JunkMail] Web-o-Trust
 
 
 
  Scott, I looked into this several months ago, but at the time it
did
 not
  seem to be getting much interest, and still doesn't appear to have
much
 of a
  following (maybe 100 participants so far on their list).  However,
I am
  willing to give it a go.  Question, how do we use this with Declude
 JunkMail
  in its current form?
 
  Something else that is worth mentioning here is that there are a
number
 of
  IPs that will almost never send spam, but will be likely to get
caught
 as
  spam.  For example, purchase confirmations from eBay, amazon, etc.
have
 a
  higher likelihood of getting caught than normal E-mail -- but their
IPs
  just don't send out spam.  All it takes is one person adding those
IPs,
 and
  without any work on the part of everyone else, they will be able to
get
  mail from those IPs without a problem.
 
  FWIW, we are working on a Windows program to automatically crawl
through
  WOT files and generate sorted IP blacklist files (along with
comments
  showing where the IP came from), without having to figure out how to
run
  Python that the collate program is written in.
 
  -Scott
  ---
  Declude JunkMail: The advanced anti-spam solution for IMail
mailservers.
  Declude Virus: Catches known viruses and is the leader in mailserver 
  vulnerability detection. Find out what you've been missing: Ask 
  about our free 30-day
evaluation.
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To 
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
  unsubscribe Declude.JunkMail.  The archives can be found at 
  http://www.mail-archive.com.
 
 
 ---
 [This E-mail was scanned for viruses by Declude Virus 
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus 
 (http://www.declude.com)]


---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Andy Schmidt]

Hi,

It also opens another option for lazy/ignorant sysops who don't want to
correctly configure their mail servers.  Now you can tell them: Sorry I
don't white-list individual servers, but, you can white-list yourself by
adding your servers to WOT.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, December 10, 2003 02:00 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Web-o-Trust



Scott, I looked into this several months ago, but at the time it did 
not seem to be getting much interest, and still doesn't appear to have 
much of a following (maybe 100 participants so far on their list).

That's correct.  But about half of them joined within the past few 
days.  When I first heard of it, I didn't think much of it -- but now, 
there are a number of organizations using it (including one that previously 
would refuse our mail), and it's starting to reach critical mass.  There 
are also a number of people in the anti-spam community that are actively 
pursuing WOT.

However, I am willing to give it a go.  Question, how do we use this 
with
Declude JunkMail
in its current form?

They also have a collate program that will let you automatically create 
files which should be compatible with the Declude JunkMail IP blacklists, 
allowing you to give a negative weight to anyone whose IP is in one of the 
WOT files.  If it looks like WOT could take off, we'll look at adding 
native support for it into Declude JunkMail.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Todd Holt]

That sounds reasonable.

You wrote of a process to compile a whitelist (implemented as negative
weight on a blacklist).  Does this process walk to all of the includes
and their include, etc. to create the whitelist file?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of R. Scott Perry
 Sent: Wednesday, December 10, 2003 3:00 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.JunkMail] Web-o-Trust
 
 
 How do the names get added to the list (or web-o-trust)?
 
 By getting someone to trust them.
 
 For example, we're asking that our customers let us know that they
have
 set
 up a WOT file, and we add them to our WOT file, which a lot of people
 already trust.
 
 It appears that companies say, I'm not a spammer, trust me!  What
 keeps the spammers of the list?
 
 Several things.
 
 First is the limitations -- for example, if you trust us (that the IPs
we
 list and the WOT files that we list are all good), but have a
feeling
 that one of our customers may somehow include a spammer's WOT file,
you
 can
 use include http://www.declude.com/web-o-trust.txt 2, which will
trust
 us
 (1) and our customers (2).  But it will not trust IPs that our
customers
 trust.
 
 Second is omit.  If we find that somehow a spammer gets a WOT file
that
 our WOT file trusts, we can omit it (omit
 http://www.spammer_domain.com/web-o-trust.txt ).
 
 But, it would be a real hassle for a spammer to do this -- they
typically
 have lots of compromised servers that they would need to list, and
would
 need to find someone to trust them.  Even if they find someone to
trust
 them, they won't have any idea how many people are whitelisting them
 (since
 many people will use the limits).  Then, once they are caught, they
will
 quickly be removed.
 
 Of course, only time will tell how effective it really turns out to
be.  I
 think it has a lot of promise.
 
 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail
mailservers.
 Declude Virus: Catches known viruses and is the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask about our free 30-day
evaluation.
 
 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus
 (http://www.declude.com)]


---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Kevin Bilbee]

What if a spammer get into the loop? and corrupts the shared whitelist? is
this possible?

So Let me summarize the way I think this works.

1) I setup a WOT file for my domain/server
2) I whitelist entries the WOT file
3) I link the WOT file to other trusted WOT files
4) The linked WOTs have whitelisted items and linked WOT files


Kevin Bilbee


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of andyb
 Sent: Wednesday, December 10, 2003 2:36 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Web-o-Trust


 I think WOT could be very worth while for the 10-15 minutes it takes to
 setup.

 - Original Message -
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, December 10, 2003 4:32 PM
 Subject: Re: [Declude.JunkMail] Web-o-Trust


 
  Scott, I looked into this several months ago, but at the time
 it did not
  seem to be getting much interest, and still doesn't appear to have much
 of a
  following (maybe 100 participants so far on their list).  However, I am
  willing to give it a go.  Question, how do we use this with Declude
 JunkMail
  in its current form?
 
  Something else that is worth mentioning here is that there are
 a number of
  IPs that will almost never send spam, but will be likely to get
 caught as
  spam.  For example, purchase confirmations from eBay, amazon,
 etc. have a
  higher likelihood of getting caught than normal E-mail -- but their IPs
  just don't send out spam.  All it takes is one person adding those IPs,
 and
  without any work on the part of everyone else, they will be able to get
  mail from those IPs without a problem.
 
  FWIW, we are working on a Windows program to automatically crawl through
  WOT files and generate sorted IP blacklist files (along with comments
  showing where the IP came from), without having to figure out how to run
  Python that the collate program is written in.
 
  -Scott
  ---
  Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
  Declude Virus: Catches known viruses and is the leader in mailserver
  vulnerability detection.
  Find out what you've been missing: Ask about our free 30-day evaluation.
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[Matthew Bramble]

I'm with Todd here.  I see very little value here.  I don't have a 
problem with blocking E-mail from providers that aren't involved in bulk 
mailing or don't have large communities of unregulated users.  This 
might help with some false positives related to administrator 
discussions of banned words or techniques, but for normal E-mail traffic 
I see this as not being of very much use.

As with all such networks, as this grows larger, the potential for 
problems also grows.  Spamcop for instance has suffered greatly from a 
large number of anti-commercialism administrators or people that are 
just plain irresponsible reporting their spam, and a system like this 
represents a potential for problems of a similar type, where you are 
expected to trust an administrator without regard to the content of the 
messages, the protections that they have in place to prevent misuse, or 
even their honesty in joining in the first place.

There are many of us that have had issues with our customers spamming on 
occasion, and if you can't trust your own customers, why should you 
trust the customers of others over whom you have no control over.  If 
these don't currently represent  a measurable problem, then why apply a 
fix which might prevent a future spamming incident from being blocked?

I'm not against the idea of having some form of a registry, however the 
root of the problem is in differentiating among the gray stuff and not 
among the non-automated stuff.  I find value in things like 
BONDEDSENDER, though to some purists, they view this as legitimizing 
large commercial spammers because their definition of spam differs from 
mine.  Heck, Kami and I can't even agree on what spam is when it comes 
to this gray area stuff, and although I trust Kami's opinion on what he 
considers to be trusted senders, I wouldn't automatically trust his 
customers, or some list over which he is only in part involved in 
maintaining.

I'm much rather first create a concise definition for spam and a process 
for review, and then build a list of automated-mailers to trust and not 
trust, and share that list with a select group of trusted administrators 
to maintain, and allow other non-trusted administrators to make use of.  
The list would have to be IP based, and the people would need to be 
responsible and dedicated to the task, and share the same values, 
otherwise it would just become another Spews.

If someone can show me the value of crediting points to hosts which 
account for almost none of my mail volume, over which I have no 
familiarity with their rules and procedures, and for which I am not 
aware of any substantial problems, I will definitely reconsider my stance.

Matt



R. Scott Perry wrote:


How do the names get added to the list (or web-o-trust)?


By getting someone to trust them.

For example, we're asking that our customers let us know that they 
have set up a WOT file, and we add them to our WOT file, which a lot 
of people already trust.

It appears that companies say, I'm not a spammer, trust me!  What
keeps the spammers of the list?


Several things.

First is the limitations -- for example, if you trust us (that the IPs 
we list and the WOT files that we list are all good), but have a 
feeling that one of our customers may somehow include a spammer's WOT 
file, you can use include http://www.declude.com/web-o-trust.txt 2, 
which will trust us (1) and our customers (2).  But it will not trust 
IPs that our customers trust.

Second is omit.  If we find that somehow a spammer gets a WOT file 
that our WOT file trusts, we can omit it (omit 
http://www.spammer_domain.com/web-o-trust.txt ).

But, it would be a real hassle for a spammer to do this -- they 
typically have lots of compromised servers that they would need to 
list, and would need to find someone to trust them.  Even if they find 
someone to trust them, they won't have any idea how many people are 
whitelisting them (since many people will use the limits).  Then, once 
they are caught, they will quickly be removed.

Of course, only time will tell how effective it really turns out to 
be.  I think it has a lot of promise.

   -Scott


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[andyb]

Well,

Your try it

if it doesn't work, or gets abused, you get rid of it..

It just *might* help.

- Original Message -
From: Matthew Bramble [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 6:27 PM
Subject: Re: [Declude.JunkMail] Web-o-Trust


 I'm with Todd here.  I see very little value here.  I don't have a
 problem with blocking E-mail from providers that aren't involved in bulk
 mailing or don't have large communities of unregulated users.  This
 might help with some false positives related to administrator
 discussions of banned words or techniques, but for normal E-mail traffic
 I see this as not being of very much use.

 As with all such networks, as this grows larger, the potential for
 problems also grows.  Spamcop for instance has suffered greatly from a
 large number of anti-commercialism administrators or people that are
 just plain irresponsible reporting their spam, and a system like this
 represents a potential for problems of a similar type, where you are
 expected to trust an administrator without regard to the content of the
 messages, the protections that they have in place to prevent misuse, or
 even their honesty in joining in the first place.

 There are many of us that have had issues with our customers spamming on
 occasion, and if you can't trust your own customers, why should you
 trust the customers of others over whom you have no control over.  If
 these don't currently represent  a measurable problem, then why apply a
 fix which might prevent a future spamming incident from being blocked?

 I'm not against the idea of having some form of a registry, however the
 root of the problem is in differentiating among the gray stuff and not
 among the non-automated stuff.  I find value in things like
 BONDEDSENDER, though to some purists, they view this as legitimizing
 large commercial spammers because their definition of spam differs from
 mine.  Heck, Kami and I can't even agree on what spam is when it comes
 to this gray area stuff, and although I trust Kami's opinion on what he
 considers to be trusted senders, I wouldn't automatically trust his
 customers, or some list over which he is only in part involved in
 maintaining.

 I'm much rather first create a concise definition for spam and a process
 for review, and then build a list of automated-mailers to trust and not
 trust, and share that list with a select group of trusted administrators
 to maintain, and allow other non-trusted administrators to make use of.
 The list would have to be IP based, and the people would need to be
 responsible and dedicated to the task, and share the same values,
 otherwise it would just become another Spews.

 If someone can show me the value of crediting points to hosts which
 account for almost none of my mail volume, over which I have no
 familiarity with their rules and procedures, and for which I am not
 aware of any substantial problems, I will definitely reconsider my stance.

 Matt



 R. Scott Perry wrote:

 
  How do the names get added to the list (or web-o-trust)?
 
 
  By getting someone to trust them.
 
  For example, we're asking that our customers let us know that they
  have set up a WOT file, and we add them to our WOT file, which a lot
  of people already trust.
 
  It appears that companies say, I'm not a spammer, trust me!  What
  keeps the spammers of the list?
 
 
  Several things.
 
  First is the limitations -- for example, if you trust us (that the IPs
  we list and the WOT files that we list are all good), but have a
  feeling that one of our customers may somehow include a spammer's WOT
  file, you can use include http://www.declude.com/web-o-trust.txt 2,
  which will trust us (1) and our customers (2).  But it will not trust
  IPs that our customers trust.
 
  Second is omit.  If we find that somehow a spammer gets a WOT file
  that our WOT file trusts, we can omit it (omit
  http://www.spammer_domain.com/web-o-trust.txt ).
 
  But, it would be a real hassle for a spammer to do this -- they
  typically have lots of compromised servers that they would need to
  list, and would need to find someone to trust them.  Even if they find
  someone to trust them, they won't have any idea how many people are
  whitelisting them (since many people will use the limits).  Then, once
  they are caught, they will quickly be removed.
 
  Of course, only time will tell how effective it really turns out to
  be.  I think it has a lot of promise.
 
 -Scott



 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail

RE: [Declude.JunkMail] Web-o-Trust

[Andy Ognenoff]

 If someone can show me the value of crediting points to hosts which
 account for almost none of my mail volume, over which I have no
 familiarity with their rules and procedures, and for which I am not aware
 of any substantial problems, I will definitely reconsider my stance.

Very well stated!  I would think most mail admins that would take advantage
of WOT would already have their servers setup so they would pass most spam
tests anyways.  Why whitelist senders that wouldn't have failed your spam
tests in the first place or that you don't get mail from?

- Andy



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

You wrote of a process to compile a whitelist (implemented as negative
weight on a blacklist).  Does this process walk to all of the includes
and their include, etc. to create the whitelist file?
Yes.  It's designed to follow the rules of Web-o-Trust, and include/omit 
IPs as determined by your WOT file.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

What if a spammer get into the loop? and corrupts the shared whitelist? is
this possible?
It can happen, but a spammer would have to do a lot of work for little 
payout.  They would have to get someone to trust them to get in the loop, 
while not knowing how many people will trust them -- and not knowing how 
quickly they may be omitted.  One of the keys here is limiting how much 
recursion can be done.  For example, if you trust our WOT file, and those 
of our customers, but none further -- then the only way a spammer can get 
their IP whitelisted on your server is if *we* trust them.  If you think 
that the WOT system isn't going to attract spammers, you might not want to 
place any limits, so that if one of our customers trusts one of their 
customers that trusts a friend of theirs who trusts a spammer, you can 
always omit them.

Then, with Declude JunkMail, you can use negative weighting, which would 
make it even more difficult for a spammer to get their E-mail through with WOT.

So Let me summarize the way I think this works.

1) I setup a WOT file for my domain/server
2) I whitelist entries the WOT file
3) I link the WOT file to other trusted WOT files
4) The linked WOTs have whitelisted items and linked WOT files
I think that is right.  :)

The WOT file on your website is essentially a list of your IPs and people 
you trust.  Presumably, that's where you would start when creating a 
list.  The list would contain your IPs, and would include the people you 
trust as well (and the people they trust, and so on), within the limits 
that are given.

Because of the web nature of this, there is no one specific starting 
point, except for your own WOT file.  We're linked to most of the people 
who use Web-o-Trust, so by including us, you include them as 
well.  However, at this point, nobody knows about *your* WOT file.  So you 
let us know the URL for your WOT file, and we add you to ours.  Since we're 
linked to most of the people who use Web-o-Trust, when we add you, most 
people will be whitelisting you as well (not everybody, though, because 
some may omit us or you, or may have recursion limits that prevent you from 
being seen).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[andyb]

That is way too broad and general a statement.

My server doesn't NOT  allow most spam to pass.

 I would think most mail admins that would take advantage
 of WOT would already have their servers setup so they would pass most spam
 tests anyways.  Why whitelist senders that wouldn't have failed your spam
 tests in the first place or that you don't get mail from?

 - Andy



 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

So how can this be added to Declude for negative weight?
Using an IP blacklist, with a negative weight, such as:

WOT  ipfile  D:\IMail\Declude\wotfile.txt  x  -10  x

You'll need to create wotfile.txt, using collate from 
http://www.web-o-trust.org , which uses Python, or the tool we are developing.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

As with all such networks, as this grows larger, the potential for 
problems also grows.  Spamcop for instance has suffered greatly from a 
large number of anti-commercialism administrators or people that are just 
plain irresponsible reporting their spam, and a system like this 
represents a potential for problems of a similar type, where you are 
expected to trust an administrator without regard to the content of the 
messages, the protections that they have in place to prevent misuse, or 
even their honesty in joining in the first place.
And it is possible that it will be a problem (for example, people 
whitelisting IPs that send both legitimate mail and spam).  But, you have 
the power to omit anyone you want.  And if you trust us, and we omit 
someone, it will be omitted for you as well.

There are many of us that have had issues with our customers spamming on 
occasion, and if you can't trust your own customers, why should you trust 
the customers of others over whom you have no control over.  If these 
don't currently represent  a measurable problem, then why apply a fix 
which might prevent a future spamming incident from being blocked?
If that is your philosophy, you can still use WOT.  You'll still be able to 
get your IPs whitelisted by many people, and you can still list people that 
you trust directly.  For example, you might decide that you want to 
whitelist our IP(s) (include: http://www.declude.com/web-o-trust.txt 1), 
or perhaps our IP(s) and customers (include: 
http://www.declude.com/web-o-trust.txt 2), but not those people that our 
customers trust.  Perhaps you want to whitelist us and our customers, but 
there is one of our customers that you've had run-ins with in the past?  In 
that case, you can use include: http://www.declude.com/web-o-trust.txt 2 
and then omit: http://www.bad_guy.com/web-o-trust.txt;.

So you have almost full control over it.

And, by using a negative weight rather than actual whitelisting, WOT will 
just help out, without ensuring that spam gets through if a spammer gets 
his IP(s) somewhere in WOT.

I'm not against the idea of having some form of a registry, however the 
root of the problem is in differentiating among the gray stuff and not 
among the non-automated stuff.
We are definitely not going to add any of the gray stuff.  Why?  We don't 
want people omitting us!  For the same reason, most of our customers won't, 
either.

But what will probably happen is someone will come up with 
http://www.some_isp.com/~username/grayips.txt that people can optionally 
trust.  If we want to trust them, we won't add them to our WOT file -- but 
instead, we can have a private WOT file that we don't tell anyone about 
that includes our main WOT file and the gray one.  That way, we can 
whitelist the gray IPs, and people can still trust us without also trusting 
the gray IPs.

Heck, Kami and I can't even agree on what spam is when it comes to this 
gray area stuff, and although I trust Kami's opinion on what he considers 
to be trusted senders, I wouldn't automatically trust his customers, or 
some list over which he is only in part involved in maintaining.
That's where WOT works well.  If you trust his IPs, but not those of his 
customers, you can include his WOT file with a 1 at the end, which won't 
trust any of his customers.  If his customers use his IP, then just don't 
include his WOT file (it will probably be included if you choose to include 
ours, but in that case, you can omit his).

If someone can show me the value of crediting points to hosts which 
account for almost none of my mail volume, over which I have no 
familiarity with their rules and procedures, and for which I am not aware 
of any substantial problems, I will definitely reconsider my stance.
It all depends on your specific needs.  Have you found that there are IPs 
that send you good mail, and never send spam?  Instead of whitelisting 
them, adding a filter to help reduce their weight, etc., someone will 
likely add them somewhere in WOT.  That by itself may be very useful.

And, even if you don't want to trust anyone, you can just add your own IPs 
to your WOT file, and not include anybody.  We'll include you, so others 
will whitelist your mail, and you won't have to trust anybody.  :)

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Kevin Bilbee]

After reading the WOT site and the posts here. I think the best use for this
is a dynamic trusted whitelist. For example I have my mail server and my
gateway mail servers. My web servers that send out notices and our
orderentry server that sends out emails. I would list all of these IPs in my
WOT file. Now that I have done that. If another mail admin trusts my WOT
file and if I add or remove a server I just update my WOT file and they
automatically trust the new server. If I change providers and my IP block. I
just update my WOT file. If the new block is in blacklists because it was
previously held by a spammer. My mail would then have less of a chance of
being deleted or held as spam. Also if the class C gets blacklisted due to
another subnet in the the class C spamming. My mail would have a better
chance of not being blocked.

It would also be advantagous for large providers to place there outbound
mail sources in a WOT file or files based on how the server are used. They
could have a WOT file for subscribers outboud delivery or confirmation
notices.


Kevin Bilbee



 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
 Sent: Wednesday, December 10, 2003 3:55 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.JunkMail] Web-o-Trust



 What if a spammer get into the loop? and corrupts the shared
 whitelist? is
 this possible?

 It can happen, but a spammer would have to do a lot of work for little
 payout.  They would have to get someone to trust them to get in
 the loop,
 while not knowing how many people will trust them -- and not knowing how
 quickly they may be omitted.  One of the keys here is limiting how much
 recursion can be done.  For example, if you trust our WOT file, and those
 of our customers, but none further -- then the only way a spammer can get
 their IP whitelisted on your server is if *we* trust them.  If you think
 that the WOT system isn't going to attract spammers, you might
 not want to
 place any limits, so that if one of our customers trusts one of their
 customers that trusts a friend of theirs who trusts a spammer, you can
 always omit them.

 Then, with Declude JunkMail, you can use negative weighting, which would
 make it even more difficult for a spammer to get their E-mail
 through with WOT.

 So Let me summarize the way I think this works.
 
 1) I setup a WOT file for my domain/server
 2) I whitelist entries the WOT file
 3) I link the WOT file to other trusted WOT files
 4) The linked WOTs have whitelisted items and linked WOT files

 I think that is right.  :)

 The WOT file on your website is essentially a list of your IPs and people
 you trust.  Presumably, that's where you would start when creating a
 list.  The list would contain your IPs, and would include the people you
 trust as well (and the people they trust, and so on), within the limits
 that are given.

 Because of the web nature of this, there is no one specific starting
 point, except for your own WOT file.  We're linked to most of the people
 who use Web-o-Trust, so by including us, you include them as
 well.  However, at this point, nobody knows about *your* WOT
 file.  So you
 let us know the URL for your WOT file, and we add you to ours.
 Since we're
 linked to most of the people who use Web-o-Trust, when we add you, most
 people will be whitelisting you as well (not everybody, though, because
 some may omit us or you, or may have recursion limits that
 prevent you from
 being seen).


 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
 Declude Virus: Catches known viruses and is the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask about our free 30-day evaluation.

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Web-o-Trust

[Matthew Bramble]

Scott,

I think the attempt is admirable, as it is with the RBL's and anyone 
else that contributes to the greater good, however I strongly believe 
that the approach is flawed.  I've had similar discussions regarding 
shared blacklists and the same issue comes up over and over 
again...there needs to be some form of unautomated management and an 
enforceable standard for something like this to work.

I checked out the limited number of submissions to that list and found 
the following file for instance:

   http://home.teleport.com/~amurph/web-o-trust.txt

This file lists blocks containing Comcast and Earthlink mail servers.  
It also includes the following list:

   http://users.adelphia.net/~equalizer/web-o-trust.txt

This one contains addresses on Road Runner, Adelphia and three 
educational institutions, and this out of only the first 100 or so 
members.  What's to stop me or someone else from having an epiphany and 
using this as my pseudo-whitelist all of a sudden and including places 
like Cheetah Mail and Dart Mail?  Some here consider that to be spam.

It seems like this would present more trouble than problems fixed.  
Sure, I don't need to trust this person, or who they trust, but I also 
don't want to have to spend the time figuring out if someone currently 
has a very poor understanding of whitelisting, or may at any time in the 
future have a brain fart and start including the IP addresses of ISP's 
where the users themselves, trustworthy or not, can be infected with 
viruses and haplessly become open relays.  This in itself is the #1 
problem in spam fighting currently.  It's the folks that don't own their 
IP space that are the hardest to block, and these are the same guys that 
won't be discouraged by the Can Spam laws because they are already 
criminals.  Such a network and registry if successful, also presents a 
large potential issue when compromised and targeted...the map to the 
network is there for spoiling.

I think that if a select group of very trusted administrators with a 
common set of rules wanted to use the functionality to share whitelist 
for selected bulk-mailers
and blacklists for verified static spammers (with some form of re-review 
process for stale records), then this could be a useful tool, but I 
don't see anyone talking about such a thing.

Sorry to be so negative about the idea, but if it was all just this 
simple, we wouldn't have a spam problem in the first place.  In the 
current suggested implementation, I just don't see the value as a 
whitelist of places that I'm pretty sure wouldn't have any problems to 
begin with.  Maybe it might be useful to have a conversation about 
alternative uses for such a program?  I'm definitely interested in 
sharing some whitelists and blacklists based on the above stated 
criteria, but only if we could all agree on definitions, processes, and 
can be responsible.  The only individual IP's that I whitelist are yours 
and a couple of other users because of filtering discussions, and my own 
customers because it's real bad when you block internal E-mail, even 
though it is quite rare.  My false positives are 95% or more legit bulk 
mail and legit personal mail that is sent from known compromised IP 
space, and the other 5% (at most) might be related to errors in custom 
filters being primarily responsible...but I try to fix those issues.  I 
don't have any notable issues with small mail servers that are properly 
adminsitrated and protected.

Matt



R. Scott Perry wrote:


As with all such networks, as this grows larger, the potential for 
problems also grows.  Spamcop for instance has suffered greatly from 
a large number of anti-commercialism administrators or people that 
are just plain irresponsible reporting their spam, and a system like 
this represents a potential for problems of a similar type, where you 
are expected to trust an administrator without regard to the content 
of the messages, the protections that they have in place to prevent 
misuse, or even their honesty in joining in the first place.


And it is possible that it will be a problem (for example, people 
whitelisting IPs that send both legitimate mail and spam).  But, you 
have the power to omit anyone you want.  And if you trust us, and we 
omit someone, it will be omitted for you as well.

There are many of us that have had issues with our customers spamming 
on occasion, and if you can't trust your own customers, why should 
you trust the customers of others over whom you have no control 
over.  If these don't currently represent  a measurable problem, then 
why apply a fix which might prevent a future spamming incident from 
being blocked?


If that is your philosophy, you can still use WOT.  You'll still be 
able to get your IPs whitelisted by many people, and you can still 
list people that you trust directly.  For example, you might decide 
that you want to whitelist our IP(s) (include: 
http://www.declude.com/web-o-trust.txt 1), or perhaps our 

Re: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

I think the attempt is admirable, as it is with the RBL's and anyone else 
that contributes to the greater good, however I strongly believe that 
the approach is flawed.  I've had similar discussions regarding shared 
blacklists and the same issue comes up over and over again...there needs 
to be some form of unautomated management and an enforceable standard for 
something like this to work.

I checked out the limited number of submissions to that list and found the 
following file for instance:

   http://home.teleport.com/~amurph/web-o-trust.txt

This file lists blocks containing Comcast and Earthlink mail servers.
I'm guessing that they were added because they have troubles with spam 
filters, and aren't going to be sending out spam.  Do you have a record of 
spam from those IPs?

In this case, though, if you're unsure that you can trust them, you can use 
omit: http://home.teleport.com/~amurph/web-o-trust.txt;.

It also includes the following list:

   http://users.adelphia.net/~equalizer/web-o-trust.txt

This one contains addresses on Road Runner, Adelphia and three educational 
institutions, and this out of only the first 100 or so members.
But, why shouldn't those IPs be listed?  It looks like they are being 
listed for a good reason.

What's to stop me or someone else from having an epiphany and using this 
as my pseudo-whitelist all of a sudden and including places like Cheetah 
Mail and Dart Mail?  Some here consider that to be spam.
In that case, you'll likely get limited.  For example, we could put a 1 
after your URL, so that people trusting us would only trust your IPs, not 
those of people that you trust (or if you put the actual IPs for Cheetah 
Mail and Dart Mail, we could remove your entry).

It seems like this would present more trouble than problems fixed.
It could be.  But only time will tell how it will really work out.

Sure, I don't need to trust this person, or who they trust, but I also 
don't want to have to spend the time figuring out if someone currently has 
a very poor understanding of whitelisting, or may at any time in the 
future have a brain fart and start including the IP addresses of ISP's 
where the users themselves, trustworthy or not, can be infected with 
viruses and haplessly become open relays.  This in itself is the #1 
problem in spam fighting currently.
I think the goal here is for those people to be far enough down the ladder 
that limiting your trust would fix it.

It's the folks that don't own their IP space that are the hardest to 
block, and these are the same guys that won't be discouraged by the Can 
Spam laws because they are already criminals.  Such a network and registry 
if successful, also presents a large potential issue when compromised and 
targeted...the map to the network is there for spoiling.
True.  But, it's going to be a major undertaking for little benefit.  So 
they manage to get a few IPs in?  They have to quickly send out spam before 
those IPs get removed.  But even so, they don't know how many people are 
trusting them.

Perhaps we can build something in where people don't get trusted until 
their WOT files have been active for X hours/days, allowing time for others 
with more time to omit them if needed.  :)

Sorry to be so negative about the idea, but if it was all just this 
simple, we wouldn't have a spam problem in the first place.
But, the idea hasn't been put through the paces yet.

Another idea is that if it is limited so that you can only add your own 
IPs, it may be more useful (so that the clueless admin can't just add 
Cheetah Mail and Dart Mail).

In the current suggested implementation, I just don't see the value as a 
whitelist of places that I'm pretty sure wouldn't have any problems to 
begin with.
Like us?  We don't have anything that I consider a problem -- no spam has 
ever been sent from our mailserver, and there isn't any indicate that there 
will.  But quite a few of Len's followers have blocked us.  And for a few 
hours when EASYNET-DYNA added us, there were some people blocking just on 
that.  Those people would *really* benefit from WOT -- which then benefits 
anyone who uses WOT.

Maybe it might be useful to have a conversation about alternative uses for 
such a program?  I'm definitely interested in sharing some whitelists and 
blacklists based on the above stated criteria, but only if we could all 
agree on definitions, processes, and can be responsible.
That's not an alternate use -- that's an intended use.  :)

There is nothing saying that everybody should be included in WOT, or that 
you should trust someone like us.  If that works for you, great.  If not, 
it's quite possible to start a WOT specific to certain uses.

I hadn't even thought of blacklists, but that would work too (just so long 
as they were handled carefully, so that whitelists and blacklists didn't 
accidentally include each other!).

   -Scott
---
Declude JunkMail: The advanced 

RE: [Declude.JunkMail] Web-o-Trust

[Andy Schmidt]

I think ultimately it would be good to rank by trust, e.g., with hundreds
of thousands of entries, there will be some that MANY will trust, others
will never be trusted - any everything in-between.  

If this could be translated into a weighted list - then it would
self-correct any odd-balls and benefit from the community wisdom on who
deserves to be white-listed.

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, December 10, 2003 08:16 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Web-o-Trust



I think the attempt is admirable, as it is with the RBL's and anyone 
else
that contributes to the greater good, however I strongly believe that 
the approach is flawed.  I've had similar discussions regarding shared 
blacklists and the same issue comes up over and over again...there needs 
to be some form of unautomated management and an enforceable standard for 
something like this to work.

I checked out the limited number of submissions to that list and found 
the
following file for instance:

http://home.teleport.com/~amurph/web-o-trust.txt

This file lists blocks containing Comcast and Earthlink mail servers.

I'm guessing that they were added because they have troubles with spam 
filters, and aren't going to be sending out spam.  Do you have a record of 
spam from those IPs?

In this case, though, if you're unsure that you can trust them, you can use 
omit: http://home.teleport.com/~amurph/web-o-trust.txt;.

It also includes the following list:

http://users.adelphia.net/~equalizer/web-o-trust.txt

This one contains addresses on Road Runner, Adelphia and three 
educational
institutions, and this out of only the first 100 or so members.

But, why shouldn't those IPs be listed?  It looks like they are being 
listed for a good reason.

What's to stop me or someone else from having an epiphany and using 
this
as my pseudo-whitelist all of a sudden and including places like Cheetah 
Mail and Dart Mail?  Some here consider that to be spam.

In that case, you'll likely get limited.  For example, we could put a 1 
after your URL, so that people trusting us would only trust your IPs, not 
those of people that you trust (or if you put the actual IPs for Cheetah 
Mail and Dart Mail, we could remove your entry).

It seems like this would present more trouble than problems fixed.

It could be.  But only time will tell how it will really work out.

Sure, I don't need to trust this person, or who they trust, but I also
don't want to have to spend the time figuring out if someone currently has 
a very poor understanding of whitelisting, or may at any time in the 
future have a brain fart and start including the IP addresses of ISP's 
where the users themselves, trustworthy or not, can be infected with 
viruses and haplessly become open relays.  This in itself is the #1 
problem in spam fighting currently.

I think the goal here is for those people to be far enough down the ladder 
that limiting your trust would fix it.

It's the folks that don't own their IP space that are the hardest to
block, and these are the same guys that won't be discouraged by the Can 
Spam laws because they are already criminals.  Such a network and registry 
if successful, also presents a large potential issue when compromised and 
targeted...the map to the network is there for spoiling.

True.  But, it's going to be a major undertaking for little benefit.  So 
they manage to get a few IPs in?  They have to quickly send out spam before 
those IPs get removed.  But even so, they don't know how many people are 
trusting them.

Perhaps we can build something in where people don't get trusted until 
their WOT files have been active for X hours/days, allowing time for others 
with more time to omit them if needed.  :)

Sorry to be so negative about the idea, but if it was all just this
simple, we wouldn't have a spam problem in the first place.

But, the idea hasn't been put through the paces yet.

Another idea is that if it is limited so that you can only add your own 
IPs, it may be more useful (so that the clueless admin can't just add 
Cheetah Mail and Dart Mail).

In the current suggested implementation, I just don't see the value as 
a
whitelist of places that I'm pretty sure wouldn't have any problems to 
begin with.

Like us?  We don't have anything that I consider a problem -- no spam has 
ever been sent from our mailserver, and there isn't any indicate that there 
will.  But quite a few of Len's followers have blocked us.  And for a few 
hours when EASYNET-DYNA added us, there were some people blocking just on 
that.  Those people would *really* benefit from WOT -- which then benefits 
anyone who uses WOT.

Maybe it might be useful to have a conversation about alternative uses 
for
such a program?  I'm definitely interested in sharing some whitelists

Re: [Declude.JunkMail] Web-o-Trust

[Matthew Bramble]

Well let's try to have a discussion about sharing lists, if anyone is in 
fact interested.

It takes a lot of effort to identify IP blocks for white, gray and black 
lists.  I've seen some people include whole class C's without seemingly 
verifying that they were all under the control of one party.  It seems 
that the SBL type spammer is now using only partial blocks and in 
researching that Pexicom spammer, I found blocks that were definitely 
shared with other companies (which is a shame).

I've considered creating a tool for automating the maintenance of my own 
blacklists.  In part, it would allow me to submit IP's that I considered 
spam to a database where they would be time stamped.  I would also look 
at blocked messages and build some intelligence that would qualify 
blocks as some RBL's do, this way I wouldn't take additional action on 
just one IP because it might be a false positive, but two, three, four, 
etc., IP's from the same block is a sign of a static spammer, and time 
stamps could be used to verify continued activity so that they could be 
automatically expired after some point.  The gathering of this automated 
information could be done fairly easily with IMail's program alias with 
a ROUTETO or COPYTO action instead of using DELETE or HOLD.  If I could 
write this information to IMail's access control file, all the better, 
but then of course I would also have to process IMail's SMTP logs for 
activity, but at least this could be used with SKIPIFWEIGHT to save on 
processing with Declude.

As far as whitelisting trusted bulk mailers goes, this would be process 
intensive and best done if shared.  If a group of people could agree on 
a definition of spam and make nominations and then do the work of 
identifying the IP's (which is more useful than reverse DNS since unique 
domains are being registered for such uses), then this would be a 
virtually spoof-proof way of allowing such traffic on your server.  You 
could also differentiate between what is purely white, such as Ebay 
notifications and what is gray such as commercial ad related content 
sent to members, then you could build two lists simultaneously and allow 
administrators to block the gray stuff per domain with an action for the 
test in which it is defined.

When it comes to whitelisting ISP mail servers, I don't believe we have 
the necessary tools to make the most out of this.  Spam does get sent 
through these mail servers, but they also are very problematic when it 
comes to being blocked by RBL's.  It would be great if a list could be 
generated of ISP mail server IP's which could then be used by Declude to 
turn off the RBL's but still take action on technical filters and custom 
filters.  It wouldn't take a very large group to come up with something 
that would cover 80% or more of ISP mail server traffic.

I'm not sure that Web-o-Trust allows for the flexibility to be defined 
in so many different ways, nor do I believe that such a process is 
necessary.  This could be set up as an automated download from a network 
of servers maintained from a private master database where each public 
server advertises peers in the network (making it DOS-proof).  The 
programming is also quite simple.  The hard part is choosing people to 
do this work who can agree and be responsible.

I only mention this because of the current discussion.  I can't fathom 
having any time to explore this idea in reality until February at the 
earliest, but I definitely see myself doing at least part of it as a way 
to reduce the administration of my system.

Any thoughts?

Matt



R. Scott Perry wrote:


I think the attempt is admirable, as it is with the RBL's and anyone 
else that contributes to the greater good, however I strongly 
believe that the approach is flawed.  I've had similar discussions 
regarding shared blacklists and the same issue comes up over and over 
again...there needs to be some form of unautomated management and an 
enforceable standard for something like this to work.

I checked out the limited number of submissions to that list and 
found the following file for instance:

   http://home.teleport.com/~amurph/web-o-trust.txt

This file lists blocks containing Comcast and Earthlink mail servers.


I'm guessing that they were added because they have troubles with spam 
filters, and aren't going to be sending out spam.  Do you have a 
record of spam from those IPs?

In this case, though, if you're unsure that you can trust them, you 
can use omit: http://home.teleport.com/~amurph/web-o-trust.txt;.

It also includes the following list:

   http://users.adelphia.net/~equalizer/web-o-trust.txt

This one contains addresses on Road Runner, Adelphia and three 
educational institutions, and this out of only the first 100 or so 
members.


But, why shouldn't those IPs be listed?  It looks like they are being 
listed for a good reason.

What's to stop me or someone else from having an epiphany and using 
this as my pseudo-whitelist 

Re: [Declude.JunkMail] Web-o-Trust

[Pete McNeil]

At 06:27 PM 12/10/2003, you wrote:
I'm with Todd here.  I see very little value here.  I don't have a problem 
with blocking E-mail from
snip

I'm not against the idea of having some form of a registry, however the 
root of the problem is in differentiating among the gray stuff and not 
among the non-automated stuff.  I find value in things like BONDEDSENDER, 
though to some purists, they view this as legitimizing large commercial 
spammers because their definition of spam differs from mine.  Heck, Kami 
and I can't even agree on what spam is when it comes to this gray area 
stuff, and although I trust Kami's opinion on what he considers to be 
trusted senders, I wouldn't automatically trust his customers, or some 
list over which he is only in part involved in maintaining.
* See my PS for a description of how this objection might be mitigated.

ship

If someone can show me the value of crediting points to hosts which 
account for almost none of my mail volume, over which I have no 
familiarity with their rules and procedures, and for which I am not aware 
of any substantial problems, I will definitely reconsider my stance.
WOT turns out to be very similar to the COT (Circle Of Trust) features we 
are going to build into Message Sniffer. Snice WOT seems to be getting some 
attention we've decided to push forward some of that development toward 
building utilities that are compatible with WOT, and specifically that 
automate some of the admin process.

The COT systems we have planned will allow like-minded peers to share 
policy decisions and ratings for email sources. Our COT mechanisms will 
provide for a colorful gradiation... but the first mechanisms to be 
implemented will establish the black and white edges of the spectrum. In 
the simplest terms, the black edge is where email sources only produce spam 
and/or malware and the white edge is where sources never produce these.

WOT offers an early opportunity to define the white edge, so we're 
anxious to begin supporting it.

As you point out, the white edge is somewhat fuzzy depending upon your 
definition of spam, but this can be mitigated through some fairly simple 
math - and in the end the extreme white will generally be agreed between 
systems as much as the extreme black is often common ground.

The benefit of having a reference to the white edge is primarily the 
elimination of false positives from previously unknown sources and 
transient filtering errors. The value of this scheme is particularly 
enhanced if your definition of the white edge is derived from like-minded 
peers and in particular systems that are your common neighbors and their 
neighbors. (if you're likely to have common contacts)

If the generation of white edge information can be automated (and we 
think it can) then this frees your system to be more aggressive in defining 
what is black since the probability of false positives is reduced.

(sorry if any of this is fuzzy... it is sometimes difficult to explain the 
real leverage that can be attained through network effects.)

To summarize, if the generation of your WOT can be automated based on the 
messages that you receive which are extremely white then the benefit of 
sharing that information with other systems is that you can gain access to 
their information. Everyone in the group can then be more aggressive with 
their filtering.

--- I don't want to put too much emphasis on this, in particular because 
there are problems with defining a source strictly from the IP address, but 
you might also think of the problem in the following way:

Through the use of virii and other means spammers have potential access to 
the vast majority of the IP space for sending their content. Comparatively 
there are very few points in the IP space that are legitimate sources for 
email - that is, sources which are at least email servers as opposed to 
randomly compromised equipment. There is every indication that these 
conditions will continue to get worse. (early in the game it made more 
sense to list the bad guys than the good guys, now the numbers say those 
conditions have reversed)

Strictly from a data processing perspective, it is clearly more economical 
to map the acceptable sources for email than it is to map the unacceptable 
sources.

From the perspective of automated, decentralized trust based systems, 
networks of trusted peers is a powerful mechanism - wether automated or 
not. Personally I think it is VITAL (sorry for the caps but I mean it) that 
these kinds of control systems remain completely open and decentralized in 
order to avoid the potential for catastrophic failure and abuse that is 
associated with any centralized mechanisms.

WOT isn't perfect, but it is a great place to start and it's here right 
now. The value of WOT will increase radically as it is more widely adopted 
- this is true of any system that leverages network effects.

I'm sure that if WOT really takes off it will be extended naturally to 

RE: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

I think ultimately it would be good to rank by trust, e.g., with hundreds
of thousands of entries, there will be some that MANY will trust, others
will never be trusted - any everything in-between.
If this could be translated into a weighted list - then it would
self-correct any odd-balls and benefit from the community wisdom on who
deserves to be white-listed.
FWIW, the program we are developing to wade through a WOT file keeps track 
of how many WOT files reference the IP directly, and how many reference the 
IP's WOT file.

So for example, our mailserver's IP gets 1 for the number of direct 
references (which is appropriate, since only our WOT file really should 
contain it, as there isn't need for it to be listed elsewhere).  That by 
itself doesn't help much -- but when you factor in that our WOT file is 
referenced by 21 other WOT files, weighting could be used.  Perhaps a 
subtract X points for E-mail from IPs listed in WOT, where X is the total 
number of direct references plus the total number of references to the WOT 
the IP is in formula would work well in Declude JunkMail.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Andy Schmidt]

Hi Pete:

Very informative.

As much as I like and will support the concept, I couldn't help but cringe
that someone comes up with a new web-based system - and then defines their
proprietary formatting for their config file instead of trying to reuse
existing standards, e.g., adopting XML as a format.  

Instead of various folks writing custom-parsers and generators, one could
benefit from the existing XML technology and it's ability to self
document, and concentrate on processing the content. 

Foreseeable, someone could even write a web application and run it as their
web-o-trust URL that dynamically creates a live snapshot of trust based on
current events on the mail server.  Again, existing technology would favor
an XML format.

Very sad, indeed.

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, December 10, 2003 09:16 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Web-o-Trust


At 06:27 PM 12/10/2003, you wrote:
I'm with Todd here.  I see very little value here.  I don't have a 
problem
with blocking E-mail from

snip

I'm not against the idea of having some form of a registry, however the
root of the problem is in differentiating among the gray stuff and not 
among the non-automated stuff.  I find value in things like BONDEDSENDER, 
though to some purists, they view this as legitimizing large commercial 
spammers because their definition of spam differs from mine.  Heck, Kami 
and I can't even agree on what spam is when it comes to this gray area 
stuff, and although I trust Kami's opinion on what he considers to be 
trusted senders, I wouldn't automatically trust his customers, or some 
list over which he is only in part involved in maintaining.

* See my PS for a description of how this objection might be mitigated.

ship

If someone can show me the value of crediting points to hosts which
account for almost none of my mail volume, over which I have no 
familiarity with their rules and procedures, and for which I am not aware 
of any substantial problems, I will definitely reconsider my stance.

WOT turns out to be very similar to the COT (Circle Of Trust) features we 
are going to build into Message Sniffer. Snice WOT seems to be getting some 
attention we've decided to push forward some of that development toward 
building utilities that are compatible with WOT, and specifically that 
automate some of the admin process.

The COT systems we have planned will allow like-minded peers to share 
policy decisions and ratings for email sources. Our COT mechanisms will 
provide for a colorful gradiation... but the first mechanisms to be 
implemented will establish the black and white edges of the spectrum. In 
the simplest terms, the black edge is where email sources only produce spam 
and/or malware and the white edge is where sources never produce these.

WOT offers an early opportunity to define the white edge, so we're 
anxious to begin supporting it.

As you point out, the white edge is somewhat fuzzy depending upon your 
definition of spam, but this can be mitigated through some fairly simple 
math - and in the end the extreme white will generally be agreed between 
systems as much as the extreme black is often common ground.

The benefit of having a reference to the white edge is primarily the 
elimination of false positives from previously unknown sources and 
transient filtering errors. The value of this scheme is particularly 
enhanced if your definition of the white edge is derived from like-minded 
peers and in particular systems that are your common neighbors and their 
neighbors. (if you're likely to have common contacts)

If the generation of white edge information can be automated (and we 
think it can) then this frees your system to be more aggressive in defining 
what is black since the probability of false positives is reduced.

(sorry if any of this is fuzzy... it is sometimes difficult to explain the 
real leverage that can be attained through network effects.)

To summarize, if the generation of your WOT can be automated based on the 
messages that you receive which are extremely white then the benefit of 
sharing that information with other systems is that you can gain access to 
their information. Everyone in the group can then be more aggressive with 
their filtering.

--- I don't want to put too much emphasis on this, in particular because 
there are problems with defining a source strictly from the IP address, but 
you might also think of the problem in the following way:

Through the use of virii and other means spammers have potential access to 
the vast majority of the IP space for sending their content. Comparatively 
there are very few points in the IP space that are legitimate sources for 
email - that is, sources which are at least email servers as opposed to 
randomly

RE: [Declude.JunkMail] Web-o-Trust

[R. Scott Perry]

As much as I like and will support the concept, I couldn't help but cringe
that someone comes up with a new web-based system - and then defines their
proprietary formatting for their config file instead of trying to reuse
existing standards, e.g., adopting XML as a format.
In general, though, XML and other such tools are used for applications 
(such as supply chain management), whereas lower level (less complex) tools 
such as standard text files served by HTML are used for Internet protocols.

Needless to say, had Web-o-Trust used XML, it's unlikely that Declude 
JunkMail would have supported it quickly, and it's unlikely that we would 
have added our own WOT (which would have hurt our customers).  Since the 
concept is  quite simple, and doesn't require any special tools, we can add 
support for it quite easily.

Very sad, indeed.
Is it though?  There isn't much need for parsing tools.  The developers of 
WOT have collate (which unfortunately uses Python), and we're coming up 
with a Windows .exe to do the same thing.  But if Joe Developer wants to 
add WOT support to their anti-spam software, they don't need to deal with 
the details.

So we're not talking about dozens or hundreds of applications that are 
interfacing to WOT (as opposed to DNS-based spam databases, where there are 
probably hundreds of such applications).  Sure, there will be some that 
duplicate collate (such as ours), and probably some that do something else 
that is neat.  But not enough that I think XML would be necessary.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Web-o-Trust

[Pete McNeil]

At 09:33 PM 12/10/2003, you wrote:
Hi Pete:

Very informative.

As much as I like and will support the concept, I couldn't help but cringe
that someone comes up with a new web-based system - and then defines their
proprietary formatting for their config file instead of trying to reuse
existing standards, e.g., adopting XML as a format.
I appreciate your thoughts.
I've spent some time on this with ASRG,... see:
http://www.sortmonster.com/ASRG/index.html

What this effort and some practical experience has taught me is that XML 
tends to have a bit more overhead than is truly needed for some problems. 
It's an odd reality, but it turns out that XML may be too good to enable 
the first implementation of something like WOT, or even CPDL.

Implementing WOT as written is blindingly simple... and this is precisely 
because it leaves a lot of obvious problems unsolved... XML would solve 
many of those problems, but it would carry with it an implied requirement 
for lots of complexity and overhead. I discovered precisely the same 
conflict when working on CPDL at the point where I began to define import 
and export rules.

It turns out that in practice the characteristics of the required 
import/export model don't fit the inherent XML tools efficiently - in 
particular where in CPDL one defines the occasionally complex relationships 
required to define those transactions... In truth, it could certainly be 
done, but the solution would be far more complex than if the model for 
import/export were defined as a simple XML object that stays within the 
paradigm of the task.

So, I started down that road - and I was quickly faced with the inherent 
conflict.

If the import/export functions are handled in the application space by 
defining models in XML, then that import/export mechanism is redundant in 
some ways. The XML purists then insist that the correct way to handle the 
import/export mechanisms is by leveraging XML standards... There are good 
reasons for this, and having two ways to essentially include another file 
is not only redundant but also leads to ambiguity and complexity... So, 
having lost the debate we decide to stay with pure XML... but... If we head 
down that road we end up with a solution that is correct for XML, but wrong 
for the application... Further, the engine implementing the application 
must now faithfully implement all of the XML standard(s) in order not to 
cause problems down the road when some enterprising XML specialist attempts 
to take advantage of capabilities that are implied to be present.

End result: Do it with XML and the cost of the project far exceeds it's 
immediate viability. Do it with some simple alternate standard and the 
cost/benefit ratio of the project becomes vanishingly small - at least up 
front.

I've run into a similar paradox recently with new Message Sniffer features. 
Clearly it is time to implement a configuration file since current and 
future upgrades will require some complex parameter sets. Clearly the best 
solution to coding that configuration file is via XML (for many reasons). 
However, in attempting to code such a thing I quickly discover that the 
cost of the XML solution far outstrips the available budget(s) and would 
delay deployment unreasonably... Oh I hate it, but the only practical 
solution for the immediate term is to create a simple, straight forward 
configuration file and then suffer the support issues involved in 
converting to a more comprehensive XML based solution later when budgets 
permit.

Having faced so many of these cases in recent days I find I cringe less 
often when I see things like WOT show up. In practice, something like WOT 
that is so simple is far more likely to succeed in these early times. 
Packaged as it is, WOT is a virtually no-cost potentially high-benefit 
solution... You and I know that as it grows it will run into real problems 
and limitations that would never arise if only it were done with XML at the 
start... and perhaps when these limitations become important (or even 
before) someone will convert the project or present a working alternative. 
Perhaps, like a Windows desktop that must be rebooted 3 times a day as a 
matter of course, it will always be good enough just like it is. (Sorry M$ 
fans, I just had to take the shot - it was too obvious ;-)

None the less, if we saddle WOT with the burden of XML compliance right 
now, then we can virtually certify it's death on the vine...

I forget where (maybe MIT or CMU), but I recently read a research paper 
that describes precisely this dynamic at work. It was titled something 
like: The wrong solution always wins. I'm not sure of the title - I'm 
paraphrasing... but I remember that coming across the thing really made my 
blood curdle. Then as I read it and did the math my life flashed before me 
- every battle I'd ever fought to build the perfect product only to have it 
shelved before deployment, any project I ever worked on that was canceled 
before it