On Fri, 8 Jun 2018 at 11:53, David Hofstee <opentext.dhofs...@gmail.com> wrote: > [...] > I also think that there is space for a reputation provider which can: > - Identify more than just IP addresses and domains from an email.
This is what CloudMark Authority does about this, but you enable a new set of issues that have been just fixed in the IP/domain world thanks to DMARC (I wrote an answer to the SDLU sister-thread). IIRC Vipul's Razor used the same fingerprinting concepts and ended up using a DNSBL of "fingerprints". Vipul founded Cloudmark and I don't know what is the current status of the Razor project. > - Is able to process feedback from domain owners and recipients in an > automated, quick, effective and anonymous enough way (with the GDPR et al). > Feedback is key. I strongly agree with "Feedback is key" both for "spam reports" and "non-spam reports" (and considering that "non-spam" only flows if you didn't block at the SMTP level). Unfortunately once you adopt SMTP reject based on a blacklist then you accept to stop getting false positives about that traffic, so you really stop monitoring the effectiveness of that block. The issue with this is that you have to start building a reputation not only for IP/domains/other email content fingerprints (sender stuff), but also need to build a reputation for feedback providers (recipient stuff) and maybe you also need a reputation management for people asking delisting (consultant, ESP...) A lot of data to mix.. so you start building some machine learning to deal with that automatically and then you end up with SmartScreen and no one, included your creator, will know why some message have been blocked or not ;-) (no offense to SmartScreen, I know how hard is to deal with this stuff, but I receive Office365 invoices in spam, in my Office365 inbox.). An FBL system "ala Google PT" (so only aggregated data not enabling list washing) but open to multiple receivers could help adding more accountability to ESP to do their own filtering part (mainly with B2B emails, as with B2C they already have microsoft/yahoo/google data). Stefano _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
