Those two sections above are self-contradictory. Blacklists are
accountable to MTA operators. If MTA operators choose not to use a
specific lists, it won't be capable of forcing itself down their
throats.
The problem an ISP faces is that often the first time they know about
a blaklist is through a user complaint. They have absolutely no way of
knowing whether the arrogant $#@(% they then have to deal with is
serving a hundred major ISPs or one lone end user.
The ISPs will not reveal which blacklists they use after the MAPS
experian lawsuit. At the FTC workshop the three blacklists there could
only give one reference customer between the three of them - and that
took time to work out.
I am not aware of any DNSbl that blacklists ISPs for the
simple reason that they don't use the DNSbl in question. DNSbls *DO*
have reputations, which affect how many people are willing to
use them.
Oh I am. There was the guy in New Zealand who listed his own ISP because
they sent him a dunning letter for not paying his connect fees...
Yes there is a reputation mechanism, but today it is anecdotal word of
mouth. There are no empirical surveys looking at this thing. The few
surveys that appear tend to focus on the wrong measure - amount of
spam stopped. How fast they react to wrong listings, how many wrong
listings they have is not being given enough weight.
Sure there are reputations, but there is very little feedback from
actions to reputation and not all that there is is particularly good.
I think it is better to have the sender say what they their sending
policy is. If they state outright 'I send unsolicited mail
to anyone I
choose' then recipients get to say no. If they say 'I send only mail
to people who ask for it by quintuple opt-in' and someone catches
them spamming, well they chose the empirical test that they failled.
The problem with that is that almost *EVERY* spammer^H^H^H^H^H^H^H
"legitimate marketer" makes that claim, so it's useless. This would
allow them to take make one spam run, morph domain name, make another
spam run, repaet, rinse, lather.
That is something that will have to be fixed. There are some good ways
you can fix it. Bonds being one example, if you design the scheme right
the upfront cost to the sender is small, unless they are a spammer in
which case it will be huge.
This gets into an area where proprietary advantage comes into play. I have
some ideas as to how I can do this in a way that avoids the issues you
raise. Its a bit like the filter vendors at the MIT conference, you give
away just enough of an idea.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg