From: "Olson, Margaret" <molson(_at_)roving(_dot_)com>
...
I completely agree with your premise - that the spam is defined by the mail
recipient, and what to deliver is a decision that should be made by the
recipients and their agents. But the current tools for doing this are
inaccurate and prone to being arbitrary.
It's strange (or not) that the people who we agree are the only ones
with standing to comment on the current tools, mail recipients, do
not agree that they are either inaccurate or prone to being abitrary,
except that they complain that the tools do not block enough.
Almost the only informed people who say that the current tools are
inaccurate in blocking too much or prone to being arbitrary are senders
of unsolicited bulk email. Most of the exceptions are people who have
purchased services from ISPs selling IP addresses that are less
expensive and less valuable because they are associated with spammers.
The ESPC proposal gives you secure identity, a performance rating, and
source information (kind of consent) on which to base a decision to accept
or reject mail.
We already have all of those mechanisms that makes sense for ESPC
members. Mail from ESPC members already includes practically unforgable
identifying tokens. Those tokens are the IP addresses of their SMTP
clients or sending machines. Those tokens and your domain names are
what we use to decide to reject or accept your spam for our own mailboxes
and the mailboxes of our clients.
You can judge the performance rating of both the originator
and the sending server. If you want to accept only confirmed opt in and
person to person mail, you can do that. The performance rating penalizes
senders and their agents for lying.
Because of past performance, people running SMTP servers are unlikely
to accept the word of the ESPC or its members about "confirmed opt
in" or anything that might be called a performance rating. Besides,
we already have mechanisms to rate the performance of bulk mail senders
including the ESPC members. That's why and how you are blacklisted.
As an asside, notice the odd notion of "person to person mail" from such
as Roving.com and Topica. Why would a bulk mail service bureau be involved
in what the rest of us might call "person to person mail"? The only
reason I can see is that it is not what the rest of us call "person to
person mail," and that is emblematic of the problems of the ESPC members.
We are not telling anyone what they have to deliver, or trying to dictate
policies to ISPs. Nor are we telling you what spam is - that is for you to
decide. My opinion is irrelevant.
Nonsense. Your goal is to try to get more of your bulk mail accepted
(i.e. tell us what must be delivered). You are trying to modify ISP
policies that now block your bulk mail, which is to say you are trying
to dictate policies to ISPs. You are also trying to adjust the
definition of spam to exclude unsolicited bulk email such as the stuff
you sent me yesterday. If you thought your opinion about all of this
were irrelevant, you are sophisticated enough to have not offered it.
The ESPC business demonstrates the vacuity of using authentication to
prevent spam. Whether the ESPC members add SMTP X headers, MIME parts
containing signatures, or do anything else to their mail, it and they
will remain what they are, and just as obviously. The ESPC members
would pay any likely fee for any likely Verisign certificate or
authentication hardware, but that would not change the nature of their
mail or its disposition.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg