[drupal-devel] Dealing with spam (was rel=nofollow)

Morbus Iff morbus at disobey.com
Thu Jan 20 14:11:35 UTC 2005 

> What I /do/ beleive will be a great improvement is p2p sharing of the filtered 
> tokens, regexps et al. I discuseed this on IRC lately, and Morbus had some 
> great ideas on this.
> 
> First of all it should be shared over a closed XML feed. We can use drupalIds
 > and a special role to secure the ahraing (we dont want spammers to learn
 > from our tokens).Both peers need to confirm sharing. If I remove > 
something on my side, the XML feed must dictate (or propose) deletion on
 > the other sides too. Otherwise it would be an ever growing blob.

Exactly. Restating:

  a) SiteA and SiteB both want to share their spam filters.

  b) user at SiteA signs up at SiteB site; user at SiteB does the opposite.

  c) both users configure their site to accept "trusted"
     spam filters from the user of the other site. if either
     user hates each other one day, they can just remove this
     trusted link, and their site will no longer accept (new/
     deleted) spam filters from that user.

  d) user at SiteA configures his spam filters to be "uploaded to
     SiteB under the login user at SiteA"; user at SiteB does the same.

  e) whenever a spam filter changes, Drupal's distributed auth
     kicks in: SiteA distributed-auths to SiteB as user at SiteA,
     and uploads the new spam filters. Since SiteB has trusted
     user at SiteA (in step c, above), the spam filters are processed.
     If SiteB does not trust this user, the spam filters are ignored.

The distributed auth part is important and removes the need for 
cryptographic keys like in PGP (it doesn't, however, remove the man in the 
middle attack - someone could still intercept the distributed auth and 
delete/add their own malicious filters. however, this possibility ALREADY 
exists in Drupal's distributed auth system, so it's not anything new).

The distributed auth is also important because it is blatantly obvious 
spammers do their research: they know about Bayesian filters, so they send 
out garbage text to try and confuse them. They know about Spamassassin 
rulesets, so they tweak their mailers specifically to circumvent them. 
They know about RBLs, so they piggyback off of installed trojans. With 
distributed auth, the rulesets are ONLY known between the trusted sites - 
there's no public sharing of them for spammers to learn from and adapt. 
Likewise, each group of trusted sites will have different rulesets.

-- 
Morbus Iff ( you are nothing without your robot car, NOTHING! )
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
Spidering Hacks: http://amazon.com/exec/obidos/ASIN/0596005776/disobeycom
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus

More information about the drupal-devel mailing list