On Mon, 16 Jun 2008, Linda Walsh wrote:

John Hardin wrote:
 On Wed, 11 Jun 2008, SM wrote:

>  At 17:46 11-06-2008, Linda Walsh wrote:
> >       How does one decide on 'trust'?  I.e. I think it would be
> > useful to assign a probability to "Trust" at the least. I mean do I
> > put
> > my ISP in my trusted server list? -- suppose they start partnering
> > with
> > It could be a reputation system where you assign a probability.

 Probability of what, exactly?

 Bear in mind, "trusted" means "does not forge Received: headers", not
 "does not send or relay spam".

I am aware of this.
However, it's not an easily discerned number, but if I had att or comcast as an ISP, my trust in them would maybe be a trust value .7-.8.

You think they shouldn't be trusted to honestly report the IP address their MTA accepts a message from?

Like the ISP in Europe who inserted over 20 million ads on HTML pages -- they could just as easily be adjusting return headers.

The situations aren't parallel. The HTML modification had a profit motive (at least until they lose enough in litigation to offset the profits from inserting ads in other people's web pages). Where is the motivation to forge Received: headers or lie? About the only scenario I can think of is that they are an ISP who knowingly hosts spammers.

Where would an investigative need to report incorrect Received: data arise? Obscuring the source of an FBI keylogger-insertion email? Perhaps. How is that relevant to spam detection?

If you are a subscriber of a given ISP and you're retrieving your mail from a mailbox at that ISP via POP/IMAP, you pretty much can't avoid trusting them. They are the public-facing interface of your account. How would fractional trust work in such a scenario?

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174     pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The world has enough Mouse Clicking System Engineers.
                                                       -- Dave Pooser
-----------------------------------------------------------------------
 2 days until SWMBO's Birthday
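
The definition used in this thread, that "trusted" means "does not forge Received: headers", can be shown with a simplified model of walking the header chain. This is an added example, not code from any poster or from SpamAssassin; the function names, hostnames and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: Received headers, newest hop first, using
# documentation-only hostnames and address ranges.
SAMPLE_RECEIVED = [
    "from mx.isp.example (mx.isp.example [192.0.2.10]) by pop.isp.example with ESMTP",
    "from relay.unknown.example (relay.unknown.example [203.0.113.45]) by mx.isp.example with ESMTP",
    "from [198.51.100.7] (helo=forged.example) by relay.unknown.example with SMTP",
]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Return the connecting IP each header reports, newest hop first."""
    ips = []
    for header in received_headers:
        match = IP_IN_BRACKETS.search(header)
        if match is None:
            break  # unparseable hop: nothing older can be relied on
        try:
            ips.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            break  # e.g. an octet above 255
    return ips


def last_believable_ip(received_headers, trusted_networks):
    """Return the first relay IP that lies outside trusted_networks.

    Each header is written by the host that received the message and names
    the host that connected to it. The newest header comes from our own
    server. If the connecting host is trusted, the next header (which that
    host wrote) is believed too. The first untrusted IP is the last address
    reported by a host we believe; everything older may be forged.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for ip in relay_ips(received_headers):
        if not any(ip in net for net in nets):
            return ip
    return None  # every parsed hop was inside the trusted set
```

Adding or removing a network from the trusted set only moves the point at which the chain stops being believed; it says nothing about whether that relay sends spam.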
