SA Bugzilla – Bug 3408
FOAF-based whitelists
Last modified: 2019-07-08 09:56:22 UTC
Perhaps this is not the time to report new enhancements, but it was now it came into my brain... :-) I'd like to see a white-listing mechanism based on "Friend of a Friend": http://www.foaf-project.org/ FOAF is a big RDF-based project where you mark up your relationships with your friends, who is a again marking up their relationships, ad infinitum (almost) :-) So, you get extensive web-of-trusts, and since spammers have no friends they're not going to be in there... A tool to traverse the web of trust and build whitelists would be great. It is to be noted however, that to avoid the problem of spammers taking advantage of e-mail addresses in FOAF-files, they have been hashed, so SA needs to compare the hash. In fact, Dan Brickley, the W3C RDF Interest Group Chair, has allready done a lot of work on this, see http://www.w3.org/2001/12/rubyrdf/util/foafwhite/intro.html In fact, I found a few weblog comments by Dan where he indicates he has a working SA implemention: http://www.intertwingly.net/blog/1410.html#c1060101601 so I guess this could mean that a full SA implementation quite easily achieved.
Subject: Re: New: FOAF-based whitelists -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd very much like to see this -- an SpamAssassin 3.0.0 plugin would be the best way to do this, as it can be developed and distributed outside the core SpamAssassin distro. Note that one failing of simple addr-based whitelists is that spammers will forge addresses; ie. they often fake spam with the same From and To addrs, assuming that the recipient will have their own address(es) in their whitelist. This can be ameliorated however by requiring that the From addr have a corresponding SPF record. - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFAqy2nQTcbUG5Y7woRAp09AJ40+DitXNPM41LM+1G/kdLzMeXdNgCgnOM/ sR0c3ue+RsunVQbrSS0pqUg= =/D0v -----END PGP SIGNATURE-----
move bug to Future milestone (previously set to Future -- I hope)
Gotta love these early 2000 idealistic ideas. But I don't see how it's feasible in any way, closing ancient bug. These are still mentioned in wiki if needed: https://wiki.apache.org/spamassassin/TrustNetNotes
Hehe, yeah, I suppose we all did think it would just happen real quick back then... :-) I'm fine with closing the bug, but I'll also note that the dream isn't dead, I've pretty much returned to some of the same thing now, after all these years. Now it is called the Solid Project: https://solid.inrupt.com/ And we're actually a pretty well funded startup working on this. This was also before SA 3.0, so we didn't have the plugins that SA now has. Thus, if Solid is successful, I'll just run along and write the plugin. The hard part is making Solid scale, if it does, then an SA plugin is a trivial matter. So, one of these days, it'll just happen! :-)
(In reply to Kjetil Kjernsmo from comment #4) > Hehe, yeah, I suppose we all did think it would just happen real quick back > then... :-) I'm fine with closing the bug, but I'll also note that the dream > isn't dead, I've pretty much returned to some of the same thing now, after > all these years. Now it is called the Solid Project: > https://solid.inrupt.com/ > And we're actually a pretty well funded startup working on this. > > This was also before SA 3.0, so we didn't have the plugins that SA now has. > Thus, if Solid is successful, I'll just run along and write the plugin. The > hard part is making Solid scale, if it does, then an SA plugin is a trivial > matter. > > So, one of these days, it'll just happen! :-) Cool. Just remember that SA should only support things that are already widely adopted and standardized. Of course nothing prevents releasing a 3rd party plugin out there at first. Good luck! :-)
Sure! A social network doesn't have any value before it is widely adopted anyway. Also, with Tim Berners-Lee at the helm, Solid is likely to go through standardization within the W3C, so that's part of the project. So, the problem is to have people use Solid, that's what we're working on.