[WP?;] shared whitelist writeup from Dan Brickley on 2003-01-22 (public-esw@w3.org from January 2003)

From: Dan Brickley <danbri@w3.org>
Date: Wed, 22 Jan 2003 04:00:07 -0500
To: Graham Klyne <GK@NineByNine.org>
Cc: public-esw@w3.org, gerald@w3.org
Message-ID: <20030122090007.GB1078@tux.w3.org>

(copying swad-e list, though this is only superficially an RDF app at this stage)
(and Gerald, who got me into this idea)

Hi Graham,

Nice to see you again yesterday. Before I forget, here is a pointer 
to the whitelist-sharing spam filter application I worked on lately, as discussed 
in coffeebreak. FWIW I use it, and take advantage of local access to a (hashed)
version of W3C's list of probably-not-spammer mailing list subscribees. It works 
well, although each day I have several msgs from people who addresses don't match.

Details: http://www.w3.org/2001/12/rubyrdf/util/foafwhite/intro.html
google has a few more pointers, http://www.google.com/search?q=%20foaf%20whitelist
my own whitelist: http://tux.w3.org/~danbri/rdfweb/foafwhite.xml (feel free to use)

I'm thinking of making a few changes.

 - decouple basic idea from foaf (though foaf might prove useful for discovery/trust
   addons)
 - add both case-normalised and as-is hashes of each mailbox, so that if 
   mailto:danbri@W3.org is on your whitelist, and you check for mailto:danbri@w3.org, 
   you'll get a match.
 - bundle up the code I'm running
 - write it up (I'm wondering whether there's a corner of swad-e where such a 
   piece of writeup makes sense. it isn't a million miles from the Trust WP...)


FWIW I had a brief exchange with someone from Mozilla.org about possibility of 
whitelist exchange to support spam-filtering on mailing lists, some time ago. You 
mentioned possibility of interest from folk running IETF lists too, maybe that 
would be enough to get critical mass? We'd need to think about privacy issues a bit 
more carefully before encouraging people to do this. Knowing that a person is on 
some publically visible technically oriented list isn't such a controversial fact, but 
if the technique were adopted for more controversial (sex/politics/health/etc) fora, 
we would need to tiptoe rather carefully. Ultimately I would like W3C and other 
large mailing list hosts to expose such whitelists for re-use and sharing, but I 
wouldn't want to do that without thinking through the issues.

I do think that whitelist sharing is the way to go re spam filtering, augmented by 
content-based filtering. Whitelists paint spammers into a corner, where they have to 
forge From: headers to get mail through to an audience. An obnoxious practice, but 
one that makes a starker line between 'goodies' and 'baddies'.

Thoughts, suggestions, devastating critiques welcome as always :)

Dan



Dan

Received on Wednesday, 22 January 2003 04:00:16 UTC