By Stas Bekman.
Published: May 15th 2006
Since whatever new techniques were invented to circumvent spam were either successfully defeated by spammers or weren't accepted by the Internet users, new solutions keep on coming up. The very recent idea (circa 2005) is to implement reputation control to control undesired email.
The idea is quite simple and parallels can be easily found in our non-electronic society. You start with no reputation (neutral score) and you attempt to send an email, the receiving party accepts your email and analyses it and assigns you a score. If your email is found to be legitimate -- your score improves, if not - you score is reduced. As you send more email your score stirs away from the neutrality towards the positive or the negative direction. When you cross a certain point in the positive direction (legitimate mail) further messages from you are whitelisted (accepted without extra checks), when you cross the line on the negative side (undesired email), your emails are automatically rejected.
It's up to the implementers to decide how to go about the score generation. They could use any and all of the techniques presented in this article. In addition other inputs can be used, such as: the email volume, user complaints, failed unsubscribe requests and many more. The more information you can collect about the sender the better score is assigned. Different metrics could be combined using different weights.
Here are some vendors supporting this technique (including open-source solutions):
Habeas SenderList (http://www.habeas.com/en-US/Receivers_SenderIndex.php)
Reputation Filters (http://www.ironport.com/products/reputation_filters.html)
Email Firewall (http://www.f-secure.com/products/appliance/email-firewall.shtml)
Please notify me if you know of others.
And here are some pointers for additional information on the subject:
up a bad e-mail reputation (http://news.com.com/2102-7355_3-6065558.html?tag=st.util.print)
Mail Flow Control (http://www.ironport.com/pdf/ironport_c60_rep_based_paper.pdf)
Spam with Reputation Systems (http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=346)