THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
I think it would be a good idear to give each instalation of spam assasin its own gpg key and use that key to sign the keys of the users of the server and the keys of any other servers that are used at the same site or are cominly comunicated with. This way you are only finding the key chain from one key to the sender and the cache database would be easer to implement.
FOAF
How can we incorporate \[http://www.foaf-project.org/ FOAF\]? Querying the website each time has quite some overhead, some caching is needed.Wiki Markup - How to access? XML-RPC or some DNSDB gateway? (Have you noticed that DNS gets abused for quite some things?)
- JustinMason: in thinking about this in the past, I considered that possibly the best way would be to have a crawler run from cron which generate a local cache of the remote data. however, one issue is that FOAF does not specify relays, just email address hashes; so this means that it's vulnerable to spammers faking the From addr. See 'Using From For Whitelisting Problems' below.
Web-O-Trust
The \[http://web-o-trust.org/ Web-O-Trust\] project is relatively dead, maybe we can revitalize it.Wiki Markup - It should be possible to implement the Web-O-Trust syntax in XML and put it into FOAF files.
- JustinMason: I have always argued that Web-O-Trust needs a way to specify various degrees of trust, as well; ie. "this server will never originate or relay spam", "this server is trusted not to be subverted by spammer code, but may relay spam originated elsewhere", etc.
LOAF
I dont't like the idea at all, but \[http://loaf.cantbedone.org/ LOAF\] might be worth looking into, too.Wiki Markup - JustinMason: big problem in my opinion is that the LOAF files are attached to each mail sent. bulky and messy!
- MalteStretz: ACK, thats what I dont like about it, too.
Geo info
\[http://www.corante.com/many/archives/2004/03/19/loaf_social_email_filtering.php This\] posting about LOAF made me think that it might be possible to use a website's published Geo information (how near am I geographically to the sender).Wiki Markup - JustinMason: several spammers live near me!
- MalteStretz: but they probably won't publish Geo records and if they start to do (probably not targeted ones but ones from high density urban areas), this rule won't work for you but maybe for people living at uncommon places
Querying Addressbooks
I already implemented a \[http://msquadrat.de/archive/04/03/22/01 quick hack\] for to query my KAddressbook from KMail for whitelisting. What about querying LDAP servers?Wiki Markup - JustinMason: see also 'Using From For Whitelisting Problems' below
...
- I guess quite some of them have some API available so it should be possible to write specific plugins for the services. I'd prefer if they just published FOAF profiles though.
- JustinMason: http://www.tribe.net/ publishes FOAF.
Six/Four
A friend pointed me to \[http://www.hacktivismo.com/projects/ Six/Four\], no clue how that could fit in, just noting it here. \\ \\Wiki Markup
Using From For Whitelisting Problems
...