Any way to P-T-P Distribute the RBL list

Distributing an RBL list is the easy part. There are a
variety of methods in place that can provide sufficient
reliability and are sufficiently anonymous or difficult to attack,
such as Usenet and Freenet and Gnutella and probably Kazaa,
and it's not too hard to develop efficient data formats
for baseline and incremental update and detail records
(easier for IPv4 blocking than IPv6 :-),
and you can use PGP or other digital signatures
to protect the integrity of the transmission. SMOP...

There are some problems with broadcasting the list as
opposed to doing transactional interaction -
a list of "mis-configured open relays or proxies with updates"
is not much different from the spamware spammers' products of
list of new still-usable open relays. (It's a bit less useful,
because they know that some people are blocking them,
but they also know that lots of people aren't.)

The other half of the communications process is harder -
getting the information on spammers to the list maintainer
without exposing the list maintainer to attack.
A simple usenet group or IRC channel can be flooded,
and email can be mailbombed, and the obvious way to do it
is with bogus spam reports to reduce the integrity
of the information. And some of it's an arms race,
e.g. spammer submits a purported open relay to list-manager
the list-manager's tester tests the "relay",
and the "relay" captures the tester's IP address for DDOSing.

There are spam-reporting reputation systems -
Cloudmark and Vipul's Razor do some of that, if imperfectly,
or simple subscriber-only systems can stay below the radar
(even though they'll have some spammers subscribing...)
and you could probably build one that was P2P for a bit more safety.

Why stop there ?

The generating of the list itself can be a P2P thing too.

You could peer with a group of people you trust and exchange the
list of IP addresses that send crap into each other's spamtraps.

Then block IP addresses that have sent crap (measured by SA?) into
the spamtraps of multiple people, or come up with other nice metrics.

I'm sure you can come up with all kinds of tricks here.

I started a project with this goal a while ago, but to my shame it
still hasn't moved beyond the "spamtrap fed blocklist" stage yet,
we simply haven't gotten around to writing the p2p parts yet. ;(

I'd appreciate help though :wink:


Hi Rik

You may to have a look at "Vipul's Razor"

(from: <> feature #8)