The Internet Spam

Reputation Lookup for IPs

xzap writes "ZDNet is running an article about TrustedSource.org which is a new portal that provides reputation information for IP addresses. It can be used to configure your spam filters or when deciding whether to add an unknown host to your blacklist. Dmitri Alperovitch, a research engineer at CipherTrust said "Often companies don't realize that they have zombie machines on their network that have been sending e-mail. It may be more helpful for organizations to identify which systems on their networks are sending e-mail." Users can drill down to find more information on each domain. The portal is an initiative of CipherTrust who have previously been covered on Slashdot."
This discussion has been archived. No new comments can be posted.

  • Great Idea (Score:2, Funny)

    by nberardi ( 199555 ) *
    This is a great idea, now if they had this for politions.
    • Re:Great Idea (Score:3, Insightful)

      wow I thought my spelling was bad...



      I don't get it....if a system admin is active enough to look at this page and cross reference with his/her network. Do you think it's likely that it's the same people who actually are also active enough to carefully monitor their traffic to notice a spam bot?

      of course this page would be more useful especially for everybody else... but at first glance at the summary I started to scratch my head and wonder why exactly somebody would make this.
      • Re:Great Idea (Score:3, Interesting)

        by Mattygfunk1 ( 596840 )
        of course this page would be more useful especially for everybody else... but at first glance at the summary I started to scratch my head and wonder why exactly somebody would make this.

        Add to that admins who lease IP addresses for servers. You really don't need the IP address on your new dedicated server to have been recently held by a spam group.

        __
        Funny video clips for adults [laughdaily.com]
    • by buro9 ( 633210 ) <david&buro9,com> on Wednesday August 31, 2005 @07:25AM (#13444618) Homepage
      A list of Tor server IP's:
      http://proxy.org/tor.shtml [proxy.org]

      Some people are bound to abuse TOR by simply being dickheads over it, comment spamming, flaming, trolling, etc.

      But the benefits of a system that protects your right to free speech totally outweighs the negative.

      If those dickheads negatively tarnish the Tor servers such that they become less valuable due to being second class citizens on the internet... then it is a really really bad idea.

      Protect firstly that which you have, then see what you need to do to stop spammers, dickheads in general, etc.
    • Better yet, simply collide politions into their antiparticle, the honestron.
      • POLITRON: 1) The quantum of dishonesty, commonly misspelled POLITION. 2) An inhabitant of Washingtron. 3) a variant of POLYTRON, the particle that allows the creation of multiply nucleated elements. See UNOBTAINIUM.
    • Re:Great Idea (Score:3, Informative)

      by orangesquid ( 79734 )
      I just hope this isn't another one of those things where the lists are never cleaned out.

      My university is blocking me from checking my email on the engineering network. Why? Because in February someone living in this dorm tried to log in as root. Now, after a new semester has started, *I'm* getting blocked, because I now have that IP. Why do people never clean out these lists?
      • That's why, for my spam filters, the only blacklist based stuff that I outright reject is from the spamhaus sbl/xbl list. It is easy to remove yourself from that list, should you land on it for some reason.
    • Actually, I thought they should do this for cars. Whenever someone cuts you off on the road or something, you go to a website and add a rating for their license plate. I am sure this would have all sorts of legal problems but could lead to some cool new applications in cars.

      It's interesting to me that license plate numbers are publicly visible but publishing this data in any way would probably be illegal.
    • I've implemented this. Feel free to use this code however you want.
      /* returns an integer from 0 to 100
        rating the trustworthiness of the
        politician */
       
      int trustworthiness(char *PoliticianName)
      {
        PoliticianName; /* avoid unused-variable error */
        return 0;
      }
  • ...domain whoring!
  • by FooAtWFU ( 699187 ) on Wednesday August 31, 2005 @07:06AM (#13444530) Homepage
    a reputation system for sites who don't try to slam you with a ginormous Flash advertisement the minute you load their site? Good Lord, and thank goodness for FlashBlock...
  • Not that impressed (Score:5, Interesting)

    by timbrown ( 578202 ) <slashdot@machine.org.uk> on Wednesday August 31, 2005 @07:06AM (#13444532) Homepage
    It showed my IP blocks as having raised concern, despite the fact that they're not on any black lists and I can't see why it has drawn that conclusion. Also, using the domain checker, it has no knowledge of non-TLDs meaning it will treat xxx.org.uk and yyy.org.uk as the same domain - org.uk.
    • I'd simply call this yet another black/white list, with buzzwords attached. What makes it any different?
    • by TripMaster Monkey ( 862126 ) * on Wednesday August 31, 2005 @07:12AM (#13444565)

      I haven't found an IP yet that tests at less than 'Raised Concern'. Seems that 'Raised Concern' is to TrustedSource as 'Elevated' is to the Department of Homeland Security...
    • by Zocalo ( 252965 ) on Wednesday August 31, 2005 @07:21AM (#13444604) Homepage
      It seems that the system needs some data to establish a baseline and before that happens the default rating is "raised concern". My personal mailserver is in this category, while my work server which has been seen is "Inoffensive" and a healthy shade of green. There are a few other glitches to be ironed out, but all in all this looks like it will be very useful anti-spam resource once a decent amount of data has been collated.
    • It's basically crap. It uses RBL's that have been proven time and time again to be extreme loose cannons, RBL's like ahbl that block netblocks up to the size of a /16 to catch a few specific hosts.

      Silly. One of the many reasons a lot of people are going to URIBLs.

      In summary- Just another RBL that no one can use because they block too much legitimate traffic.

    • "raised concern" is a perfectly reasonable rating.

      Established email servers are not usually used to send UCE, a result of RBL's is that most are now secure.
      Most UCE is sent from zombies and these are typically unknown as email servers.
      Therefore the default status of an email server that is unknown to TrustedSource can reasonably be expected to be "raised concern".
      • I agree, and while there are probably many legitimate mail servers still unknown to TrustedSource, a "raised concern" for this reason alone should not be enough to reject mail from that source. Maybe if a number of other tests simultaneously flash yellow warning lights, the fact that the IP address has no history of past mail may be enough to trigger a rejection.

        My problem with the TrustedSource site, however, is that they don't seem to provide any documentation explaining how their ratings are calculated,

    • I also do not like this idea. I have difficulty joining several IRC networks or even posting on slashdot without jumping through hoops because it seems that there are an awful lot of kiddies on my subnet that like to spam/flood/ircbot. Could it get worse? I'm already discriminated against by the actions of my neighbours. How bad will it get? Will there be a point where I'll have to switch ISP just to get the services I want? Or will ISPs have to monitor every outgoing packet to make sure that there ar
      • I have difficulty joining several IRC networks or even posting on slashdot without jumping through hoops because it seems that there are an awful lot of kiddies on my subnet that like to spam/flood/ircbot. Could it get worse?

        Sure it can get worse; it may eventually be impossible for you to do anything at all, regardless of your willingness to jump through hoops, as long as you share subnet with those kiddies (or whatever issue people have with your IP address). If I were in your situation, I'd be gratefu

        • Well, it is slightly complicated by the fact that there is a duopoly on broadband in my area, so technically I cannot switch ISPs without moving as well (the other ISP just can't offer a package that I'm interested in). That of course is really just another downfall of my already poor situation and speaks nothing to your argument: your point is very well made. I'm basically SOL. I can attempt to contact my ISP, but there is a very low chance that they will actually do anything about it. (Somewhat simila

          • I appreciate that we agree on where to place the blame here. That said, I don't see why even a broadband provider lock-in would be too difficult to circumvent. Couldn't you get a Unix account with some other ISP, and route your traffic through a proxy on their network? After all, this is what spammers do to work around various blacklists, except that they steal such services instead of paying for them.

            I don't know whether there are proxy configurations suitable for this task already, but I see no reason wh

  • by troon ( 724114 )

    It may be more helpful for organizations to identify which systems on their networks are sending e-mail.

    If an organization wakes up to this problem, why would it not simply block port 25 outgoing except to its mailservers?

  • Nice idea (Score:5, Interesting)

    by FirienFirien ( 857374 ) on Wednesday August 31, 2005 @07:08AM (#13444540) Homepage
    You can bet that the spammers will look for ways to improve their standing. Being able to use a compromised computer to rank a page with positive points/karma/rating etc seems like a significant problem. If it's a negative-only system then those same compromised computers can blacklist IPs that aren't compromised, effectively reducing the 'average' past their own, leading to their own standing out as relatively whiter.

    Hopefully CipherTrust will have a look at (for example) things Google has done with pagerank, and be able to address a problem that is significantly tied in with the problem it is trying to help with.
    • This also has other potential uses. A project dedicated to providing several kinds of blacklist, such as one for outbound port scanning and notoriously bad security problems, to worm ridden networks and otherwise categorized lists that would be subscribeable to through the service. Once a network is reported for spreading a worm it could potentially slow down the propagation as the client picked up on the newest list and did the -s 152.164.64.0/16 -j DROP on them.
  • Hmm... (Score:5, Informative)

    by slavemowgli ( 585321 ) on Wednesday August 31, 2005 @07:10AM (#13444548) Homepage
    Hmm. According to that database, my current IP has two traits: one, it has never been used to send spam etc. (as far as they know); and two, it is "suspicious".

    Makes you wonder. If nothing ever came from this IP, then shouldn't it be "unsuspicious" or something like that (or at least "unknown")?

    That being said, I wouldn't really trust a company, whose prime motivation is to make money, with things like this anyway. There's already DShield [dshield.org], which is a community effort, so what do we need this for?
    • "Makes you wonder. If nothing ever came from this IP, then shouldn't it be "unsuspicious" or something like that (or at least "unknown")?"

      Simple: any IP address that looks itself up is suspicious. YOU COULD BE A TERRORIST! Sorry, wrong meme. YOU COULD BE A SPAMMER checking his IP before spamming!
    • I got the same "suspicious" for the same reasons (which is plain stupid) so for fun I tried the "Are you cracked?"-thingy at DShield but it's even worse as it logs failed torrent connections as "attacks" originating from my IP.

      Do we need either? Are there anyone out there who actually uses this stuff for serious purposes?
    • "Makes you wonder. If nothing ever came from this IP, then shouldn't it be "unsuspicious" or something like that (or at least "unknown")?"

      I have to disagree. If an address has never sent mail before, it is slightly suspicious for it to start sending mail. It'll either turn out to be a spam zombie (resulting in a decreasing reputation), or it'll turn out to be a new, legitimate mail server (resulting in an increasing reputation).

      I think the way the current spam situation is, a previously unseen IP addr

    • You have to keep in mind that CipherTrust has its mind on the enterprise market. I have spoken to a couple of admins that run IronMails and they love them, but they are not cheap.
  • by jabuzz ( 182671 ) on Wednesday August 31, 2005 @07:10AM (#13444550) Homepage
    Why on earth should lots of machines be able to send email from inside a corporation? Surely some smarthosts and block port 25 at the border routers is the way to go. Then a check of the logs can give you clues as to which machines are compromised.
    • ``Why on earth should lots of machines be able to send email from inside a corporation? Surely some smarthosts and block port 25 at the border routers is the way to go.''

      Hmm, I don't like that idea. It basically forces you to send your mail through an SMTP server on the same network. Most machines I use use the sendmail command, which, AFAIK, connects directly to the MX for the receiving domains. I like this behavior, because (1) it doesn't put unnecessary load on any outgoing SMTP server, (2) doesn't have
      • by abulafia ( 7826 ) on Wednesday August 31, 2005 @08:24AM (#13444956)
        Most machines I use use the sendmail command, which, AFAIK, connects directly to the MX for the receiving domains. I like this behavior, because (1) it doesn't put unnecessary load on any outgoing SMTP server, (2) doesn't have a single point of failure, and (3) doesn't allow the administrator of the outgoing server to inspect/filter/modify/reject the mail I send.

        (0) Depends on how your boxes are configured. Once you have a smarthost, configing sendmail/postfix/whatever to use it is trivial.

        (1) The incremental load of an email message is trivial. If your smarthost is overloaded... beef it up - this is like any other capacity issue.

        (2) Mail is robust. (spam is causing people to break some of the things that make it robust, but it is still pretty good.) Having a failover/backup MX host/backup smarthost is easy enough that organizations who do enough volume for it to matter should have a plan for that. Hell, my company does less than 1000 outgoing messages a day, and we do.

        (3) Possibly legitimate, probably futile. If someone wants to read your mail and you're on their network, use PGP, or you're doomed. Transparent proxies are only the easiest way to grab it. Personally, I'm a big fan of companies/orgs running their own SMTP servers, and using them. Every-box-sends, especially today, is a real issue, and the win of not configuring sendmail to use a smarthost is balanced by the fact that if you want to get through spam filters, you need to configure DNS for every machine, and monitor them to make sure they're not doing something bad. Choose your poison.

        I don't like taking this to the extreme that some seem to favor, requiring everyone to use the ISP's smarthost. That does become a real chokepoint where potential monitoring takes on a different tone, where I can't control the TLS, incoming authentication or spam filtering, and where someone else's actions can stop my mail delivery. But for companies, one (or sometimes more) outbound SMTP server(s) per site makes a lot of sense.

        Again, a personal anecdote - If we didn't do it this way, it probably would have taken me much longer to realize the Windows installation I built under VMware a while back had been zombified before I could patch it. As it happened, while it was patching, I checked my mail and my firewall was screaming about it trying to send mail (and connect to IRC, but that's not the question at hand.)

        I realize not everyone has the skill or takes the time to run a tight network, but mail isn't hard for the vast majority of sites to get right - there's almost nothing to it these days.

      • The smart host goes in your DMZ.

        Your regular mail server goes in your secure network.

        You block all outgoing smtp connections from your secure network, except those going from your regular mail server to your smart host.

        Any machine sending email from your secure network is configured to use your regular mail server as a smart host. This will prevent all but the most intelligent of viruses from spamming from your machines.

        It also allows you to have different levels of filters on your boxes. Anything that's in
      • ``Why on earth should lots of machines be able to send email from inside a corporation? Surely some smarthosts and block port 25 at the border routers is the way to go.''

        Hmm, I don't like that idea. It basically forces you to send your mail through an SMTP server on the same network.

        I rather do.

        I have all my servers sendmail (or rather Postfix) installations to relay through the server we use as a mail server (also using Postfix). It greatly simplifies administration - each server has a very simple Postfix

    • Why on earth should lots of machines be able to send email from inside a corporation?

      Most large corporations use Exchange, Groupwise, or Notes Servers. The network admins most likely don't even think of bothering to block port 25 because they don't use SMTP.

      Out of sight. Out of mind.
  • Next we'll have slashdotters writing a firefox extension to mine the IP database for porny IPs...
  • by mancontr ( 775899 ) on Wednesday August 31, 2005 @07:19AM (#13444598)
    Doesn't most of spam zombies use dynamic ip address? Then this is useless... Even worse, you can get an ip which have been used by a zombie and this system will think you're too.
    • ``Doesn't most of spam zombies use dynamic ip address?''

      The way I understand it, that's exactly why this is a good system. When spam is received from an IP, it isn't outright blocked, just its reputation is worsened. When good mail is received, the reputation is improved. If a network has many spam zombies on it which keep changing IPs, all these IPs will get a bad reputation, resulting in the network as a whole having a bad reputation. A network with few or no spam zombies on it will have a good reputatio
      • The problem, then, is on a large network like Comcast. You have bad eggs, you have zombies, and then you have responsible netizens. The responsible ones end up getting their reputation tarnished by the other two as the blame is spread across all of the dynamic IP's over time. There really isn't much the responsible person can do about it, as they have no control over the IP they are assigned. They suffer from the tragedy of the commons.

        • Nope the ISP should police its own network professionally.
          If they fail to do so the responsible customers should move to a more responsible ISP.
          • Responsible customers aren't the ones spamming the hell out of the world. It's the clueless ones. The "simple economic forces" that you wish for don't occur for one of the reasons laissez-faire capitalism fails: consumers typically do not make ideal decisions, and therefore cannot police themselves.
            • It's the clueless ones.

              So they gain the reputation they deserve, a poor one.

              The "simple economic forces" that you wish for

              Strawman tilting at windmills.

              consumers typically do not make ideal decisions,

              Which is why a reputation based system is so much better. It's simple enough for any moron^Wconsumer to understand.

              and therefore cannot police themselves

              The responsible netizens that do police themselves get a reputation they deserve, a good one.
    • Exactly, this system is the most fucking retarded idea I have ever heard of.

      Some ISPs even charge you EXTRA to get a static address.

      This isn't even a troll, the idiots that thought this up should be repeatedly kicked in the groin.

  • by bluepuddle ( 740560 ) on Wednesday August 31, 2005 @07:20AM (#13444599)
    A similar site already exists: http://www.senderbase.org/ [senderbase.org]
  • BFD (Score:1, Offtopic)

    by ptomblin ( 1378 )
    This is no better than any of a number of other existing RBLs as far as I can see. So why does it get a front page write-up?
  • Well... (Score:2, Insightful)

    by Lellor ( 910974 )

    Being from a country that is considered a hotspot for spam, I naturally appreciate any effort to eradicate spam, BUT blacklists take things too far. They don't seem very effective and only serve to irritate and inconvenience people who have done nothing wrong and are using their IPs for only legitimate purposes.

    This especially affects smaller ISPs and hosting providers, who get slammed despite in a lot of cases being able to prove that no spam was originating from their network and that they have secure s

    • What's wrong with the Canadian gun control system? Are more people being shot, or victimized by criminals?
      • What's wrong with the Canadian gun control system?

        There are tons of things wrong with it, unfortunately. The main things wrong with it being the budget problem (something to the tune of $2-billion dollars over budget), the fact that it doesn't look like it will ever stop draining resources, and the fact that the Royal Canadian Mounted Police have admitted that it is still impossible to track where weapons used for crimes came from (that is, whether they were smuggled in from the US or whether they wer

  • by Anonymous Coward
    ... you should use reputation of the AS (autonomous system). An AS is a group of IP addresses that are owned (generally) by the same entity.

    There may be billions of IP addresses, but not that many ASes.

    I started to write a spamassassin plugin that would track the spamminess of email by AS - haven't finished yet.
  • by Anonymous Coward on Wednesday August 31, 2005 @07:29AM (#13444639)
    Excellent box fast responce would deal with again! A++++++++++
  • This is pretty horrible. Spamisp will trash an ip's reputation, get it blacklisted everywhere, then just reassign it. Not to mention what happens with temp abuse of service (say, run a shell server and have someone spam from it for a day before you notice and catch them)
  • Spamcop.net could tell you this. Come on we know that rr.com (roach runner) is a cockroach heaven. if only somebody could give the navy the co-ordinates to the hr dept of rr, and then fire a missile at them then that might be deemed 'progress' Or do what we do block - *.rr.com
  • Fun facts (Score:3, Interesting)

    by miffo.swe ( 547642 ) <daniel DOT hedblom AT gmail DOT com> on Wednesday August 31, 2005 @07:37AM (#13444684) Homepage Journal
    China has surpassed the US in the zombie race. According to this page: http://www.trustedsource.org/zombiemeter.php [trustedsource.org] China has taken the lead. Still the US zombies are more effective since almost all spam originates from the US. You just wait until the Chinese gets the Dragon CPU up and running.
  • by dskoll ( 99328 ) on Wednesday August 31, 2005 @07:50AM (#13444741) Homepage
    For example, on the "IP" page, it said that 255.255.255.255 is sending spam, and that 224.1.2.3 "raised concern".

    Of course, those are not valid unicast IP addresses.

    On the other hand, 192.168.10.12 is "inoffensive". Phew! :-)
    • Not only that, but who came up with the completely nonintuitive color coding for the "Spam senders by geographic region" world map, Tom Ridge?

      (low) Blue/Purple/Red......... Orange ....... Yellow (high)

      Not sure why exactly you'd want 3 color changes for the low end of the scale, but only 1 long drawn out color change for the high end.
    • That would be because spammers ARE spoofing those IP addresses to send mail
      • That would be because spammers ARE spoofing those IP addresses to send mail

        Uh.... I don't think so. None of the examples I gave (255.255.255.255, 224.1.2.3 or 192.168.10.12) is a public unicast IP address.

        Now if you can document a case of a spammer successfully completing an SMTP session from one of those addresses, I'd be mighty impressed.
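An added example, not part of the thread and not TrustedSource's code: one way a reputation database could screen source addresses before recording anything about them, so that lookups such as 255.255.255.255, 224.1.2.3 and 192.168.10.12 above never receive a rating. The function names and the sample feed (including its verdicts) are constructed for illustration.

```python
from collections import Counter
from ipaddress import AddressValueError, IPv4Address


def smtp_peer_class(text):
    """Classify an IPv4 string by whether it could be a real remote SMTP peer.

    The order of checks matters: Python's is_private also covers loopback,
    0.0.0.0/8 and the broadcast address, so the specific cases go first.
    """
    try:
        ip = IPv4Address(text.strip())
    except AddressValueError:
        return "invalid"
    if ip.is_unspecified:
        return "unspecified"        # 0.0.0.0
    if ip.is_loopback:
        return "loopback"           # 127.0.0.0/8
    if ip.is_multicast:
        return "multicast"          # 224.0.0.0/4
    if int(ip) == 0xFFFFFFFF:
        return "broadcast"          # 255.255.255.255
    if ip.is_link_local:
        return "link-local"         # 169.254.0.0/16
    if ip.is_private:
        return "private"            # RFC 1918 and other non-global ranges
    if ip.is_reserved:
        return "reserved"           # 240.0.0.0/4
    return "public-unicast"


# Constructed feed of (source address, verdict) observations. The addresses
# are the ones quoted in the thread; the verdicts are made up.
SAMPLE_FEED = [
    ("216.39.207.140", "spam"),
    ("216.39.207.140", "spam"),
    ("200.155.79.253", "ham"),
    ("255.255.255.255", "spam"),
    ("224.1.2.3", "spam"),
    ("192.168.10.12", "ham"),
    ("0.0.0.0", "spam"),
    ("127.0.0.1", "spam"),
    ("not-an-ip", "spam"),
]


def ingest(feed):
    """Count verdicts per address, refusing anything that is not public unicast.

    Returns (scores, rejected): scores maps address -> Counter of verdicts,
    rejected lists (address, reason) for every observation that was dropped.
    """
    scores = {}
    rejected = []
    for addr, verdict in feed:
        cls = smtp_peer_class(addr)
        if cls != "public-unicast":
            rejected.append((addr, cls))
            continue
        scores.setdefault(addr, Counter())[verdict] += 1
    return scores, rejected


if __name__ == "__main__":
    scores, rejected = ingest(SAMPLE_FEED)
    for addr, counts in scores.items():
        print(addr, dict(counts))
    for addr, reason in rejected:
        print("rejected", addr, reason)
```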

  • What might be interesting, would be if google (or another search engine) used the same information as part of its ranking, so if a site that has a low reputation hosts a page with your keywords, the likelihood is you're probably not interested.

    Is there a system for removing an IP address from the list?

    What happens if you are on a server with a dodgy site, but you share the IP address?
  • Ironport? (Score:4, Informative)

    by Sandman1971 ( 516283 ) on Wednesday August 31, 2005 @08:24AM (#13444952) Homepage Journal
    Wow, this is almost an exact copy of Ironport's [ironport.com] Senderbase Reputation Score [senderbase.org]!
  • This could be extended to usefulness in a firewall's configuration for blocked hosts. Networks or individual IP's that are known to have poor security and have scans frequently emanate from them should be on a temporary list like spam blacklists.
  • 255.255.255.255

    First seen: 2005-07-29

    Country: UNITED STATES

  • What is somewhat frustrating in my opinion is the nature of IP's--they are just used for certain lengths of time and then passed on when they are no longer needed. By judging an IP address on its history, how many reputable sites are blamed for the actions of those that held the IP first? Could you imagine moving into a new home, getting your phone number, and then not being able to call out because the person before you abused others using that number?

    That having been said, I really don't know of a bett
  • I'm interested in understanding that. Could someone enlighten me?

    My domain and IPs are listed as "Inoffensive", but it does show an increase of mail volume in one of my IPs, and the decrease on another yesterday (I've changed my sendmail outgoing IP; it was using the wrong eth0 aliases).

    I know I'm not sending emails to 'spam trap' addresses (we do not send unsolicited mail), my linux server is not an open relay nor a zombie, and I block outgoing smtp coming from the intranet (so there couldn't be a windows
    • Dunno about your setup, but I got a spam from a domain called "mylinuxisp.com." I entered one of its IP addresses (216.39.207.140) and it came up with a reputation as a spam source. The trend meter jumped from zero to a peak of 700 percent.

      Somebody on that linux-driven network got zombied.
      • Excuse me but,

        >Somebody on that linux-driven network got zombied.

        Not all spam comes from zombies. If the ISP is spam-tolerant, you may just have their subscribers sending spam.

        Also, just because of the name of the ISP, I suppose it doesn't mean all their subscribers run linux, so you could have zombies there too.

        Finally, I did not imply linux cannot be zombied, but if my smtp server is a zombie, it's a very lazy one, or I'm also rooted, because tethereal showed about 200 outgoing smtp connections yesterd
  • Having a look at the list of domain keys very nicely points out that all the dodgy looking names have got their domain keys well in order to continue the barrage of crap email, but at least you know it is from them...

    It also shows a nice, test key when inspecting the spf records for such high quality domains...

    http://www.trustedsource.org/dkim.php [trustedsource.org]
  • Often companies don't realize that they have zombie machines on their network that have been sending e-mail.

    Well, you could sign up with some sort of reputation service. Or you could just start with those machines which are spewing port 25 all day, every day. Those are either zombies or people with a LOT of friends.
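An added example, not part of the thread: the log check several commenters describe (block outbound port 25 except for the mail servers, then see which machines keep trying), written as a small parser over firewall log lines. The internal range, the relay address and the log lines themselves are constructed assumptions; the line layout follows the key=value style of Linux netfilter LOG output.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example: the internal address range and the one host
# that is allowed to speak SMTP to the outside world.
INTERNAL_NET = ip_network("10.0.0.0/8")
ALLOWED_RELAYS = {ip_address("10.0.0.25")}

# Constructed sample log. Destinations use documentation address ranges.
SAMPLE_LOG = """\
Aug 31 07:01:02 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=25
Aug 31 07:01:05 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.3.77 DST=198.51.100.4 PROTO=TCP SPT=1033 DPT=25
Aug 31 07:01:05 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.3.77 DST=203.0.113.9 PROTO=TCP SPT=1034 DPT=25
Aug 31 07:01:06 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.3.77 DST=192.0.2.55 PROTO=TCP SPT=1035 DPT=25
Aug 31 07:01:06 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.3.77 DST=198.51.100.80 PROTO=TCP SPT=1036 DPT=25
Aug 31 07:02:10 fw kernel: SMTP-OUT IN=eth1 OUT=eth1 SRC=10.0.4.12 DST=10.0.0.25 PROTO=TCP SPT=51200 DPT=25
Aug 31 07:03:41 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.5.9 DST=198.51.100.7 PROTO=TCP SPT=2201 DPT=25
Aug 31 07:03:44 fw kernel: WEB IN=eth1 OUT=eth0 SRC=10.0.5.9 DST=198.51.100.7 PROTO=TCP SPT=2202 DPT=80
Aug 31 07:04:00 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=garbled DST=192.0.2.1 PROTO=TCP DPT=25
"""

# Only the fields needed here; SPT= is deliberately not captured.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_line(line):
    """Return (src, dst) for a TCP/25 log line, or None for anything else."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
        return None
    try:
        return ip_address(fields["SRC"]), ip_address(fields["DST"])
    except (KeyError, ValueError):
        return None  # truncated or corrupted line


def direct_smtp_senders(log_text, min_destinations=1):
    """List internal hosts that tried to reach external port 25 themselves.

    Returns [(source, attempts, distinct_destinations)], busiest first.
    Many distinct destinations from a workstation is the zombie pattern;
    one destination may just be a misconfigured mail client.
    """
    attempts = defaultdict(int)
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst = parsed
        if src not in INTERNAL_NET or src in ALLOWED_RELAYS:
            continue  # not ours, or the sanctioned relay doing its job
        if dst in INTERNAL_NET:
            continue  # internal client handing mail to the relay
        attempts[src] += 1
        destinations[src].add(dst)
    report = [
        (str(src), attempts[src], len(destinations[src]))
        for src in attempts
        if len(destinations[src]) >= min_destinations
    ]
    report.sort(key=lambda row: (-row[2], -row[1], row[0]))
    return report


if __name__ == "__main__":
    for src, tries, dests in direct_smtp_senders(SAMPLE_LOG):
        print(f"{src}: {tries} attempts to {dests} distinct external MTAs")
```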
  • Not nearly as bad as I'd have thought.

    Any net vigilantes out there want to "infect" these machines with patches?

    ISP             Active Hosts Yesterday
    yahoo.com       4110
    comcast.net     4017
    hotmail.com     1567
    aol.com         358
    rr.com          5256

    http://www.trustedsource.org/
  • 0.0.0.0

    Current reputation: Spam First seen: 2005-08-03

    This is the last straw; the "IANA" postmaster is getting a letter from me. I've been having a problem with another one of their IPs as well (127.0.0.1).
  • I recently tested appliances from CipherTrust and IronPort that use TrustedSource and SenderBase respectively. The CipherTrust unit yielded an unacceptably high number of false positives (0.8%), partially due to bad data from TrustedSource. The IronPort unit performed much better, but I have concerns about the Bonded Sender program (and if you are using SenderBase, it seems that you have no choice but to honor Bonded Senders). Since implementing Exim/SpamAssassin/ClamAV, I've noticed that 10-20% of our i
    • Agreed... but there's a bigger issue at work here. Those poor souls who run a mail server and have it hacked into immediately have their IP address or worse their domain name blacklisted, forcing a grueling process of trying to get their email back. This process can be devastating for a company who depends on email as their sole method of communication.

      In general I think any blacklisting method is not useful because the possession of those IP addresses is either questionable for 0wn3rship reasons or for t

  • I just looked up one of my IP addresses. Thanks to "TrustedSource" I have gained the following insight:

    1. My daily average message volume is represented by a single shaded envelope icon (out of a possible 10). I can't find anything that translates this to an actual number of emails sent.

    2. Yesterday my average volume was up 1,400%! Sounds serious. What does this mean? Well, I can't tell. Again it shows a single shaded envelope icon, with no hint of what this actually means.

    3. Even more worrisome, t
  • Contrary to the article title, trustedsource isn't providing any reputation score whatsoever. Reputation scores are useful in determining whether someone has been sending spam, not whether they are a high-volume sender.

    Senderbase [senderbase.org] has been providing this information for quite some time. Senderbase gives numerical scores for e-mail volume and makes it easy to see when an address or domain is on spam blacklists.

    Folks with an IronPort e-mail security appliance are granted access to the actual reputation sco

  • TrustedSource ? Concerns raised: What is their definition of concern, raising, and how does an IP get to be labelled "Raised Concern"?
    • Yeah,

      Take 200.155.79.253 (my usual home (dynamic) IP address).

      First Seen: Never
      Daily avg: nil
      Yesterday: nil
      Not on any blacklist

      Current reputation: Raised Concern ??
      I'd agree with "Suspicious", for being in a dynamic broadband range, but "Raised Concern"?
  • If people spoof other people's IP addresses, the people that those IP addresses belong to would get a bad reputation. The same thing goes for spoofing email addresses. And I'm not just talking about spam. DoS attacks generally come from spoofed IP addresses. And there is apparently no way to prove repudiation in these cases.

  • It is my understanding that many IPs are owned in blocks, and are distributed to MACs by protocols like DHCP in a random or dynamic sort of way. With this in mind, it seems that denying communications to IPs based on some sort of history is analogous to discriminating against any group of people, eg. a country, based on the history of any individual within that group. Thoughts?
  • If companies have mail zombies on their networks spam is the least of their problems, they should be more worried about the possibility that someone on the outside has complete control over internal machines... (trade secrets, contracts, customer lists...)
