My issue with this is something else - if all of this becomes prevalent
enough, aren't we essentially raising a barrier of entry for new domains
on the Internet? Doesn't such accredidation service essentially become a
gatekeeper for the Internet?
My belief - which makes some assumptions about how accreditation is
implemented - is that the barrier to running your own mail server will go
up, but not necessarily having your own domain. Many people today have a
domain and outsource all aspects of running it to some other organization
(or organizations). By aggregating small domains an outsource provider
should be able to keep the prices close to what they are today.
One thing that I noticed that has not been widely addresses in accreditation
discussions, and which I think should be addressed, is controlling the
reward side of the spam equation. If you can accredit the mail servers and
the sending domains separately, then a receiving system can reasonably know
that mail originating from clients of example.com from the set of servers at
"small.example.com" are limited to some number of messages per day.
If you can control the reward side of the equation, then sending domains
using outsourced providers don't need much in the way of an accreditation -
they just need to state "we use small.example.com", which for a small sender
tells the receiver something really useful. You can also envision something
along these lines without actually outsourcing - an ISP that is accredited
to limit SMTP traffic coming out of their network on a per client basis.
This does presume that there is a specific accreditation for mail service
providers of all kinds. There are other types of organizations that could
also benefit from industry specific accreditations as well - financial
organizations and political/free speech organizations spring to mind
immediately.
Just to be clear, I am not assuming that the accrediting agency attempt to
guess volume when accrediting and monitoring organizations that run mail
servers. I'm assuming they have a contract that permits them to walk in to
the network center and investigate when ever they want, and some sort of
audit process.
What I have outlined here primarily addresses the needs small commercial
domains that are already outsourcing their mail services for a variety of
technical and business reasons. It does not address the small mail or list
server run by a knowledgeable individual. Do the puzzle type solutions cover
this case?
Margaret.