ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: 3b. SMTP Verification - Reputation Systems and their Problems (Modified by Anne P. Mitchell, Esq.)

2004-03-08 11:04:23
On Fri, Mar 05, 2004 at 09:06:44PM -0500, Seth Breidbart wrote:
Who is supposed to determine that "successful passing of the
criteria"?

The process of being added to the list is indepedent of successfully
passing the terms listed.
It is "if we don't like your face we might not add you".

If you think you can provide a better list, go ahead.  Nobody is
claiming to own the concept of a list.

I didn't say it is a bad list.
I said such kind of lists are a bad thing in general. So why do you
think I'd be interested in operating "a better one"?

If you think you can find the most clever person in the world (so that
nobody else can ever find loopholes in her terms), I wish you luck in
the search.

Isn't that a funny thing?
They're going to give reputation for something they can't define? 
Isn't it like "company XYZ is one of the good guys, whatever they might
be doing".

How much time and money per complaint are you willing to spend to
investigate these cases?

As much as they feel is warranted.

No, they claim giving reputation. So if they want someone to believe them
they have to post rules they'll abide to. Just like VeriSign, Thawte,
Geotrust and all the other are giving some kind of reputation: they have
checked a list of facts and they certify that these facts are correct
according to their revision.
At the moment the IADB warrants nothing.

Again, if you think you can do a
better job, go ahead and do it.  If the mailadmins agree that yours is
better, nobody will use theirs.

Look, I feel like in a sandbox.
If I say something critical I get from you "nae nae nae ... do it better".
But there is nothing to be done better, because, as I said, IMHO such
kind of lists are an error in general. And I am writing this to share my
opinions with other people and to make them think about it.
So I am not interested in your "nae nae nae ... do it better" whatever.

Any service is dependent on its local law.

No it is not.

If you don't want to use
it, then don't.  Nobody says you have to.

If you want to use it do it, where is your problem? But tell us why you
want to use it?

Why?  You're making assumptions about the way mailserver admins will
operate, which are completely unwarranted.  We have no way of knowing
how they'll act.

Don't say "we" if you mean "I". The experience of block lists gave
enough examples, so for /me/ I am knowing enough. And I know enough
so called "mailserver admins" to know how they operate.

I suppose you need to buy accounts with every ISP in the world so you
can have the Markus.Stumpf@<every ISP> just in case somebody else
might get that userid and say silly things from it, too.

No, because Markus.Stumpf@<any ISP> does not have the same legal implications
trademarks (and not using them) have. And Joe Luser will not
try to reach me just by typing "Markus.Stumpf@<any ISP>" as an email
address, but zillions of clueless journalists have told the Joe Lusers
out there for nearly ten years now that the DNS is a search engine and
Joe Luser is naive enough to think that using  porsche.biz  (or
porsche.ctld) will really get him where he thinks.

Then the services running from that country will lose a lot of
credibility elsewhere in the world, and their competitors in other
countries will gain (relative) credibility.

Most Joe Luser Mailadmins will not even notice. I see the DNS queries
of a lot of mailservers run by customers. Monkeys.com DNSBLs are out of
order for some months now, but queries for them continue and that is
really an easy thing to recognize that they don't work any more.
Changes in the operation of a reputation database are hard to recognize
without tracking the terms of service all the time.
Oh and you really think they'll run around and tell everyone what some
secret service guys told them they have to do?

I don't see any organization other than your shutting down because in
_your_ opinion they failed.  I have seen organizations
(e.g. anon.penet.fi) shut down because in the opinions of _their
operator_ they failed.

So what? I am asking what their opinions would be in such a case and
whether they'll think they have failed.

Then don't trust them.

I don't. So what's your problem?
I am simply listing pitfalls that arise from trusting in those kind of
lists.

With all that contra arguments of yours where is your argument "pro"
such a list? That's what I am missing all the way through your email.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>