Hi, On Sat, 22 Feb 2003 09:35:30 -0800 Marc Perkel <[EMAIL PROTECTED]> wrote:
> The idea that there is nothing that I can do to stop our newsletter from > being blacklisted by Razor is unacceptable. That would definitely be the > wrong answer. Unfortunately, 'wrong' is not equivalent to 'untrue'. Question: Do you have the same problem with DCC? (http://www.rhyolite.com/anti-spam/dcc/) False positives are due to honest mistakes (fat-fingered the report key), ignorance (automated reporting and spamtraps), and malice. The question is, where do your particular false positives come from? That's a rhetorical question because only someone privy to the innards of the Razor database can know that. Honest mistakes? Those people that are paying attention when reporting know how to self-revoke and they do to preserve their TeS. Ignorance? I blame automated reporting and spamtraps. I don't know how the EFF newsletter is managed, but if it doesn't confirm subscriptions and periodically reconfirm users (BUGTRAQ does it at least annually), it's liable to end up in a poorly-configured spamtrap somewhere. So the first step you can take is to ensure your (re)confirmation and scheme is working. Malice? Aside from the Attorney General and a handful of sexually-inactive teens, I can't fathom who'd bother, but for the sake of argument, let's assume there's a He-Man EFF-Hater's Club (HEC) out there somewhere. If the HEC only reports your newsletter as spam and someone else revokes HEC's report, HEC's trust level drops. The damage is done initially but HEC's capacity to damage is limited with every bogus report they file. They can resubscribe as HEC2, HEC3, etc. to clear their reputation and the cycle can continue but it's pretty clear you'd need a decicated and large conspiracy to do this, the probability of which is small but non-zero. Also, it's doubtful that most of the conspirator(s) are manually reporting your newsletter so you may be able to shed them by periodically reconfirming subscriptions (above) if you don't already. We're assuming that Razor's trust model is reasonable which may be the crux of your argument. I'm not happy that it's not made public but I understand the rationale for keeping it hidden for the time being and I respect that decision. But assuming that, flawed or not, the trust model is not going to change anytime soon, there are things you can do to mitigate the damage done by bad reports. For example, break each newsletter mailing into several smaller mailings. After each burst goes out, wait a bit and check your message against Razor; if it's listed, revoke the listing and send the next burst. Repeat until the whole mailing goes out. If you're really paranoid (and who isn't these days?), intelligently shuffle the recipients to home in on potential reporters. Extremely paranoid people would send widely different content to different groups of recipients to further zero in on malicious reporters, all without cooperation from the maintainers of the Razor database. Another route is working with the Razor developers/Cloudmark to improve their trust model. I'm sure the EFF has knows people who are smart, pleasant, and feel strongly about promulgating good anonymous trust systems. Or arranging a smoky backroom deal with the db maintainers to keep your newsletter out of their database. This might not be the best list for discussing either of these. Yes, it's extra work and I expect some or all of these suggestions will offend the EFF's sensibilities, but you asked for answers, not solutions[1]. hth, -- Bob [1] I'm speaking mathematically; answers help you right now, solutions help everyone forever. ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ Razor-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/razor-users
