First of all it should be shared over a closed XML feed. We can use drupalIds and a special role to secure the ahraing (we dont want spammers to learn from our tokens). Both peers need to confirm sharing. If I remove something on my side, the XML feed must dictate (or propose) deletion on the other sides too. Otherwise it would be an ever growing blob.
It sounds like a great idea, but what prevents a spammer from setting up a Drupal site, asking nicely for trust, and getting first hand updates of our spam tokens? And if the effort is shared between CMSes, then all a spammer needs to do is set up one fake site with any of the participating engines. In my opinion, any widespread anti-spam tool will get into the hands of spammers, there's no way around that. However, as the spam tokens become more refined, it will be harder for a spammer to circumvent them (although I don't doubt the smart ones craft their messages programmatically). So I don't see why we should go through all this trouble of trust and authentication, when simply making our spam tokens available for everyone will have the same net effect... Steven Wittens