the O(N^2) problem

Suresh Ramasubramanian ops.lists at
Mon Apr 14 07:09:22 UTC 2008

On Mon, Apr 14, 2008 at 11:50 AM, Steven M. Bellovin
<smb at> wrote:
> The risk in a reputation system is collusion.

Multiple reputation systems, each with their own reputation ..  Sed
quis custodiet ipsos custodes and all that ..

A lot of the "reputation" (aka "positive reputation") shall we say
work is heavily sender / ESP / bulk mailer etc driven.  And the
negative reputation stuff (blocklists like spamhaus etc) have been
around rather a long time.

So quite a few ISPs tend to rely on trusted negative reputation
systems (aka they'd use spamhaus) and build positive reputation
(whitelists) on their own, possibly tying this to auth systems such as

Suresh Ramasubramanian (ops.lists at

More information about the NANOG mailing list