[Operators] server reputation

Jesse Thompson jesse.thompson at doit.wisc.edu
Fri Apr 18 13:55:24 CDT 2008


Pedro Melo wrote:
> Hi,
> 
> On Apr 17, 2008, at 8:16 PM, Peter Saint-Andre wrote:
> 
>> Last year I posted a blog entry about server reputation:
>>
>> https://stpeter.im/?p=1988
>>
>> I think it would be helpful for this group to define some parameters for
>> measuring server reputation.
>>
>> I'm not yet sure how we would use this information. I don't like the
>> idea of a centralized reputation service since that provides a single
>> point of failure for attacks against the network. At the last XMPP
>> Summit in Brussels, we talked a bit about the idea of a server buddy
>> list -- i.e., your server has a list of trusted other servers that it
>> consults. So at jabber.org we might ask amessage.de and sapo.pt (or
>> whatever) about new servers on the network.
>>
>> If we do this in an automated fasion, it requires better tracking and
>> monitoring in existing xmppp server codebases.
>>
>> We could also do this in a more human-intensive way, e.g. a voting site
>> (or sites) where admins can vote +1 or -1 on various domains.
>>
>> Thoughts?
> 
> My problem with the whole server reputation thing is I don't see the 
> next step.
> 
> Suppose that we get a reasonable system for measuring server reputation. 
> What then? Are you going to start blocking s2s based on reputation, or 
> have different shaping rules? Do future XEPs for certain protocols (like 
> pubsub proxying for example) take in account a "trust level"?
> 
> WIthout know what the goals are, what the usage of this database will 
> be, I don't see how we can design it.

The problem is that spammers will just create phony gmail or jabber.org 
accounts to use for spamming.  There's no way to justify blocking *all* 
s2s from gmail or jabber.org, so those spammers will have free reign.

Server reputation still might be a good idea if the spammers choose to 
connect directly to send the spam.  However you won't get much buy-in 
until there is a problem that needs solving.

In the email world, public whitelists aren't all that popular. 
Blacklists are.  A server is in effect whitelisted if it isn't on any 
blacklist.  I would suggest blacklisting as a first step.

Jesse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/operators/attachments/20080418/fc9a99b8/attachment.bin 


More information about the Operators mailing list