Bug 3408 - FOAF-based whitelists
Summary: FOAF-based whitelists
Status: RESOLVED WONTFIX
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Tools
Version: unspecified
Hardware: All All
Importance: P5 enhancement
Target Milestone: Future
Assignee: SpamAssassin Developer Mailing List
URL: http://www.w3.org/2001/12/rubyrdf/uti...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-05-19 01:41 UTC by Kjetil Kjernsmo
Modified: 2019-07-08 09:56 UTC

Description Kjetil Kjernsmo 2004-05-19 01:41:10 UTC
Perhaps this is not the time to report new enhancements, but it was now it came 
into my brain... :-) 
 
I'd like to see a white-listing mechanism based on "Friend of a Friend": 
http://www.foaf-project.org/ 
FOAF is a big RDF-based project where you mark up your relationships with your 
friends, who are again marking up their relationships, ad infinitum 
(almost) :-) So, you get extensive web-of-trusts, and since spammers have no 
friends they're not going to be in there...  
 
A tool to traverse the web of trust and build whitelists would be great. 
 
It is to be noted however, that to avoid the problem of spammers taking 
advantage of e-mail addresses in FOAF-files, they have been hashed, so SA needs 
to compare the hash. 
 
In fact, Dan Brickley, the W3C RDF Interest Group Chair, has already done a 
lot of work on this, see  
http://www.w3.org/2001/12/rubyrdf/util/foafwhite/intro.html 
In fact, I found a few weblog comments by Dan where he indicates he has a 
working SA implementation: 
http://www.intertwingly.net/blog/1410.html#c1060101601 
 
so I guess this could mean that a full SA implementation is quite easily achieved.
Comment 1 Justin Mason 2004-05-19 02:49:57 UTC
Subject: Re:  New: FOAF-based whitelists 

I'd very much like to see this -- a SpamAssassin 3.0.0 plugin
would be the best way to do this, as it can be developed and
distributed outside the core SpamAssassin distro.

Note that one failing of simple addr-based whitelists is that
spammers will forge addresses; i.e. they often fake spam with
the same From and To addrs, assuming that the recipient will
have their own address(es) in their whitelist.

This can be ameliorated however by requiring that the From addr
have a corresponding SPF record.

--j.
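
The mechanism discussed in the description and in comment 1, as an added example that is not code from this thread or from SpamAssassin: it walks a web of trust to a depth limit, collects hashed mailboxes, and whitelists a sender only when the hash matches and SPF passed. It assumes the FOAF `mbox_sha1sum` convention (SHA-1 of the `mailto:` URI); the graph, the addresses, the function names and the `spf_result` input are constructed for illustration.

```python
import hashlib
from collections import deque

def mbox_sha1sum(addr):
    """SHA-1 hex digest of the mailto: URI, as FOAF files publish it."""
    # Assumption: addresses are trimmed and lower-cased before hashing; a
    # publisher who hashed a differently-cased address will not match.
    return hashlib.sha1(f"mailto:{addr.strip().lower()}".encode()).hexdigest()

# Constructed sample data: each key stands for one person's FOAF file, already
# fetched and parsed into its hashed mailboxes and its foaf:knows links.
FOAF = {
    "me":    {"sha1": [mbox_sha1sum("me@example.org")],    "knows": ["alice"]},
    "alice": {"sha1": [mbox_sha1sum("alice@example.org")], "knows": ["bob", "me"]},
    "bob":   {"sha1": [mbox_sha1sum("bob@example.net")],   "knows": ["carol"]},
    "carol": {"sha1": [mbox_sha1sum("carol@example.com")], "knows": []},
}

def build_whitelist(graph, root, max_depth):
    """Breadth-first walk of foaf:knows links, at most max_depth hops from root."""
    seen, hashes = {root}, set()
    queue = deque([(root, 0)])
    while queue:
        person, depth = queue.popleft()
        node = graph.get(person)
        if node is None:          # dangling link: file missing or unparsable
            continue
        hashes.update(node["sha1"])
        if depth < max_depth:     # the depth limit bounds how far trust extends
            for friend in node["knows"]:
                if friend not in seen:   # cycles (alice -> me) are visited once
                    seen.add(friend)
                    queue.append((friend, depth + 1))
    return hashes

def is_whitelisted(from_addr, spf_result, whitelist):
    """Hash match alone is not enough: a forged From must fail here."""
    if spf_result != "pass":      # result of an SPF check done upstream
        return False
    return mbox_sha1sum(from_addr) in whitelist

WHITELIST = build_whitelist(FOAF, "me", max_depth=2)
```

The SPF gate is what handles the forged same-From-and-To case raised in comment 1: the recipient's own address is in the whitelist, but a forged message using it does not get an SPF pass.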

Comment 2 Daniel Quinlan 2005-03-30 01:08:51 UTC
move bug to Future milestone (previously set to Future -- I hope)
Comment 3 Henrik Krohns 2019-07-08 07:18:09 UTC
Gotta love these early 2000 idealistic ideas. But I don't see how it's feasible in any way, closing ancient bug. These are still mentioned in wiki if needed: https://wiki.apache.org/spamassassin/TrustNetNotes
Comment 4 Kjetil Kjernsmo 2019-07-08 09:25:03 UTC
Hehe, yeah, I suppose we all did think it would just happen real quick back then... :-) I'm fine with closing the bug, but I'll also note that the dream isn't dead, I've pretty much returned to some of the same thing now, after all these years. Now it is called the Solid Project: https://solid.inrupt.com/
And we're actually a pretty well funded startup working on this. 

This was also before SA 3.0, so we didn't have the plugins that SA now has. Thus, if Solid is successful, I'll just run along and write the plugin. The hard part is making Solid scale, if it does, then an SA plugin is a trivial matter. 

So, one of these days, it'll just happen! :-)
Comment 5 Henrik Krohns 2019-07-08 09:32:23 UTC
(In reply to Kjetil Kjernsmo from comment #4)
> Hehe, yeah, I suppose we all did think it would just happen real quick back
> then... :-) I'm fine with closing the bug, but I'll also note that the dream
> isn't dead, I've pretty much returned to some of the same thing now, after
> all these years. Now it is called the Solid Project:
> https://solid.inrupt.com/
> And we're actually a pretty well funded startup working on this. 
> 
> This was also before SA 3.0, so we didn't have the plugins that SA now has.
> Thus, if Solid is successful, I'll just run along and write the plugin. The
> hard part is making Solid scale, if it does, then an SA plugin is a trivial
> matter. 
> 
> So, one of these days, it'll just happen! :-)

Cool. Just remember that SA should only support things that are already widely adopted and standardized. Of course nothing prevents releasing a 3rd party plugin out there at first. Good luck! :-)
Comment 6 Kjetil Kjernsmo 2019-07-08 09:56:22 UTC
Sure! A social network doesn't have any value before it is widely adopted anyway. Also, with Tim Berners-Lee at the helm, Solid is likely to go through standardization within the W3C, so that's part of the project.

So, the problem is to have people use Solid, that's what we're working on.