ietf-asrg

Re: [Asrg] Proven solution for authenticating messages

2003-03-04 14:49:18
From: Matthias Leisi <matthias(_at_)astrum(_dot_)ch>

...
So, the idea must have already been realized somewhere: why not
build trustworthy Whitelists of accountable, responsible mail
hosts? 
...

That has often been proposed, but I think it is impractical for
several reasons.  One is that your whitelist is doubtless very
different from mine and every other whitelist.

Another fatal problem is that mobs are stupid and malicious, and more so
the larger they are.  Up to perhaps a few dozen people, you can
trust everyone to be careful, sane, and have good intentions.  With
a gross or more participants, you can be sure some are stupid and
incompetent and probably a few are malicious.  With a few dozen or
fewer, you don't need fancy formal mechanisms.  With a large group,
formal mechanisms cannot exclude the sloppy, lazy, or malicious.


Of course, as with blacklists, there are policy issues with such
lists, as the maintainer might face incentives adverse to
general interest, which would have to be sorted out in one way
or the other. ...

I believe there are no blacklists that involve a lot of people and
that do not have major false positive problems.  The SBL comes closest,
but membership in its inner circle seems tight and carefully monitored.


] From: Clifton Royston <cliftonr(_at_)lava(_dot_)net>

] ...
]   Would anyone consider it worthwhile for this group to put some focus
] on making existing email content analysis/filter tools (in particular
] anti-spam software) more interoperable?
]
]   I suggest a useful step in that direction to be defining a standard
] for how they should utilize mail headers to announce the results of
] their analysis.  Right now it seems that every program uses a different
] set of made up X-Headers in a different and incompatible way.  (Well,
] except for ours, which uses "Comments:" headers in a different and
] incompatible way.)
] ...

That's another often proposed idea that I think makes no sense in
practice.  A minor issue is the fact that differences among the X-
headers used by the many filters from SpamAssassin to blacklist taggers
are desirable.  You want to be able to apply different criteria to
the answers produced by different filters.  A DCC result is not
directly comparable to a SpamAssassin result.   

It wouldn't hurt to have a little more consistency among the tags,
but it would be a bad thing to try to make them sufficiently consistent
that they could be machine-parsed by something like a single regular
expression.

The major problem is that "spam" is a local issue.  Even when
checked at the originating SMTP client (some ISPs use the DCC to
detect outgoing bulk mail), objectionable spam is determined locally.
There's no good reason for Microsoft to tell AOL what mail Hotmail
finds objectionable.  A humorous proof of that was the recent hoohaw
over the Microsoft blocking.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
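
An added example, not part of the original message: a receiving site judging each filter's tag by its own local criterion, since a DCC bulk count and a SpamAssassin score are different kinds of answer. The header layouts, thresholds and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; header layouts are assumed typical of each tool.
SAMPLE = """\
From: sender@example.org
To: rcpt@example.net
Subject: constructed sample
X-Spam-Status: No, score=3.1 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY
X-DCC-example-Metrics: mx.example.net 1234; Body=many Fuz1=many Fuz2=87

body
"""
MSG = message_from_string(SAMPLE)

def spamassassin_score(msg):
    """Return the SpamAssassin score as a float, or None if the mail is untagged."""
    m = re.search(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)", msg.get("X-Spam-Status", ""))
    return float(m.group(1)) if m else None

def dcc_counts(msg):
    """Return DCC checksum counts; the token 'many' is mapped to infinity."""
    counts = {}
    for name, value in msg.items():
        if re.fullmatch(r"X-DCC-.*-Metrics", name, re.I):
            for key, val in re.findall(r"(\w+)=(many|\d+)", value):
                counts[key] = float("inf") if val == "many" else float(val)
    return counts

def classify(msg, sa_threshold=5.0, dcc_bulk=50, whitelisted_bulk=False):
    """Local policy (hypothetical thresholds): one criterion per filter."""
    reasons = []
    score = spamassassin_score(msg)
    if score is not None and score >= sa_threshold:
        reasons.append("spamassassin")
    # A DCC count says "bulk", not "spam": solicited bulk senders are exempt locally.
    counts = dcc_counts(msg)
    if not whitelisted_bulk and max(counts.values(), default=0) >= dcc_bulk:
        reasons.append("dcc-bulk")
    return reasons

if __name__ == "__main__":
    print(classify(MSG), classify(MSG, whitelisted_bulk=True))
```

The same tagged message gets a different verdict depending on the receiving site's own threshold and its own list of solicited bulk senders.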