Table of contents
About this "scratchpad"
This page is meant to give an insight on the ideas that currently exist regarding the blacklist manager. It's not well structured and should be taken more as some kind of scratchpad that is used to gather the main ideas. This list is work in progress and will most likely change every now and then.
Outlines for blam application development
- hold the requirements as low as possible
- should also work without having a real database such as MySQL (storing data could be done in some kind of flat file database or something like that)
- try to be compatible to virtually any blogging solution that you could host yourself on your server (such as Movable Types, WordPress, b2, and so on)
- emphasize on "create a web of trust" and "avoiding single point of failure" ; the whole solution won't work properly if it can be attacked by spammers
Feature wishlist for the blam application
- allows management tasks for the local blacklist, such as adding new patterns, removing old patterns
- has some kind of address book that holds URLs of "foreign", trusted blacklists
- allows to query for changes that recently have been made to trusted blacklists, and shows the diffs; example:
Look, Dave, Adam has these three new patterns, and Berta removed those patterns from her list since we last checked
- allows to import those changes to the local blacklist, with testing the result before import (see next item)
- allows to check if a new pattern would match an already existing (and thus expectedly wanted) comment which can be found in the actual database of the used blogging solution; this will need the implementation of an interface to different blogging solutions and their database structure, of course, and should be an optional function
- allows to query the sources of trusted blacklists which other blacklists they trust; for example:
bob: hey, adam, which other blacklists do you currently trust?this could be achieved with a simple XML-RPC API or FOAF or something like that.
adam: bob, i'm trusting your blacklist and the one of charleen which can be found at http://www.blogofcharleen.net/blacklist
bob: thank you, adam. i'll take a look at them.
- supports import from and export to different formats, ideally by using plugins; this way we are flexible to react on currently available and possibly upcoming formats for blacklists and blacklist-like information.
- optionally allows public access to the local blacklist
- if the local blacklist is public: allows to list the URL of the local blacklist in a central directory in order to support the creation of the "web of trust"
- optionally allows to ping the central directory for every changes to the blacklist, which could be used as a method to recognize new upcoming spamming waves
- slave-mode: automatically synchronizes to one or more master list; useful for cases where either one person is running more than one blog, or where one person is technically responsible for many blogs. (idea contributed by Jay Allen)
Ideas for data formats and protocols
We might need the following things:
- A way to ask a trusted blacklist source for their list of trusted blacklists. This could be done with a little XML-RPC api, or maybe implemented with something like FOAF or our own RDF-format
- A XML/RDF format that allows to save and exchange blacklist information, such as listed item (keyword, url, e-mail address, IP address, and so on), a timestamp that indicates when the pattern was added, a comment for the item, and so on.
Ideas for a blam "portal"
Portal might sound too sophisticated. The idea is simple: even when having the tools to build up a "web of trust", this process will need some kind of catalyst. A central place that could be used as point to start from with implementing the usage of a blacklist for your own blog.
It might be a good idea to host a central blacklist, as currently is done by Jay Allen for his MT-blacklist plugin. This could be used as a base to start from, or help people who don't find the necessary time to manage their own customized blacklist.
Some kind of "yellow pages" that enables to find other blacklists you might consider trustworthy.
The blam application optionally could ping the central site to inform about recent changes. This feature could be used to monitor the actions that are taken within the web of trust, thus providing some kind of early warning system for upcoming new spam waves.
This isn't necessary at the moment as Jay Allen does a great job in this section. But I'd like to keep this idea in mind nevertheless, who knows if it might be useful at a later time.
Of course a blog would be useful, for several reasons:
- to inform about the development that occurs inside the blam project
- to inform about spam-fight related news in the bloggosphere
- to issue warnings and other messages that might be helpful for the users of blam