On Wed, Feb 15, 2023 at 5:39 AM Scott Kitterman <ietf-d...@kitterman.com> wrote:

> Any reputation based solution does have down scale limits.  Small mail sources
> (such as your random Nebraska forwarder) generally will have no reputation
> vice a negative one and so wouldn't get penalized in a scheme like the one I
> suggested.  This does, however, highlight where the performance challenge is.
> We've moved it from duplicate detection to rapid assessment of reputation for
> hosts that have sudden volume increases.

I wonder if this could be separated into "reputation" and "hosts that have
sudden volume increases".

Reputation is hard.  Large operators spend a lot of R&D time coming up with
algorithms that accurately (for some value thereof) compute the reputation
it should associate with an identity.  That investment means they're not
inclined to share that secret sauce.  Small operators without those
resources long for an open source solution, or a cheap or free service from
which they can reliably get reputation data.  Companies that offer
reputation data for public consumption have been sued out of existence by
people that get marked as suspect, so really good ones don't seem to abound
last I checked.

There's a lot less secret sauce involved in the latter.  It would be
interesting to see if some simple recordkeeping of this nature could make a
dent in the problem space we're discussing.  But that might just encourage
further distribution of the attack to avoid detection.

-MSK
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
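
One shape the "simple recordkeeping" on sudden volume increases discussed in this message could take, as an added example that is not code from the thread or from any participant. The EWMA baseline, the thresholds, the one-hour window and the host names are all assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

ALPHA = 0.2        # EWMA weight given to the newest completed window (assumed)
SPIKE_FACTOR = 10  # a window this many times over baseline is a spike (assumed)
MIN_VOLUME = 500   # absolute floor, so small senders are never flagged (assumed)
WINDOW = 3600      # seconds per counting window (assumed)

@dataclass
class HostRecord:
    baseline: float = 0.0  # EWMA of messages per completed window
    window_id: int = -1    # index of the window currently being counted
    count: int = 0         # messages seen so far in that window

class VolumeTracker:
    def __init__(self):
        self.hosts = defaultdict(HostRecord)

    def observe(self, host, ts):
        """Record one message from host at epoch time ts; True if it is spiking."""
        rec = self.hosts[host]
        wid = int(ts // WINDOW)
        if rec.window_id == -1:
            rec.window_id = wid
        while rec.window_id < wid:
            # Close each elapsed window; silent windows fold in as zero.
            rec.baseline = ALPHA * rec.count + (1 - ALPHA) * rec.baseline
            rec.count = 0
            rec.window_id += 1
        rec.count += 1
        over_baseline = rec.count > SPIKE_FACTOR * max(rec.baseline, 1.0)
        return rec.count >= MIN_VOLUME and over_baseline

def flagged_windows(events):
    """Replay (host, ts) pairs; return {host: [window indices that spiked]}."""
    tracker, out = VolumeTracker(), defaultdict(set)
    for host, ts in events:
        if tracker.observe(host, ts):
            out[host].add(int(ts // WINDOW))
    return {h: sorted(w) for h, w in out.items()}

def constructed_events():
    """Constructed sample: 24 quiet hours, then a 10x/100x jump in hour 24."""
    events = []
    for hour in range(25):
        t = hour * WINDOW
        events += [("forwarder.example", t)] * (200 if hour == 24 else 20)
        events += [("relay.example", t)] * (5000 if hour == 24 else 50)
    return events
```

On the constructed sample only `relay.example` is flagged, in window 24: the small forwarder's tenfold jump stays under the absolute floor. A host with no history at all is flagged as soon as it crosses the floor in its first window, so a newly seen bulk sender trips the check once before its baseline catches up.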
