Steve Atkins wrote:
On Nov 29, 2008, at 10:14 AM, Michael Thomas wrote:
Steve Atkins wrote:
On Nov 29, 2008, at 9:20 AM, Michael Thomas wrote:
Even if you could do something clever here, would it make much if
any operational difference? I got the impression from Mark Delany at
Y! that mailing list traffic is a drop in a very large ocean. I'm
guessing
that bulk mail is probably higher but still pretty much noise level to
large providers.
Without explicit whitelisting in place, wanted bulk mail (mostly
broadcast mail) is one of the biggest components of false positives
in spam filters (due to both traffic patterns and content).
Large providers expend quite a lot of effort to ensure delivery of
wanted bulk mail. If there were a magic wand they could wave
that would make all that free (or at least trivially automatable) then
they'd leap at it. That doesn't mean there's huge pent-up demand
for it, as the manual whitelisting approach mostly works, but there's
not total disinterest either.
Well, it seems with bulk auth (spf/dkim) getting to be pretty common
for the whitelists, the work you allude to must mainly be in other areas
of the overall problem?
That sort of auth gives you the identity of the author, but that's just
the first aspect - necessary, but not sufficient. Reputation is another
aspect to that - how do you decide whether mail from that author
is wanted mail? And how do you differentiate between wanted
mail and unwanted mail from the same author?
Well DKIM can give you both fwiw. I'm not sure how reputation
maps to "wanted" or not since there's a non-trivial amount of "unwanted"
bulk mail by users who don't know/want to get off a list they had signed
up for. The bulk mailer can be squeaky clean and still have that problem,
of course.
There are some obvious approaches - manual vetting, wait for
mail to be delivered and track the reputation and so on - and they're
in use. But they're not cheap to do, and they don't work that well,
especially in the case where the same author sends mail that's
perceived in different ways be recipients. I know dozens
of FTEs who work on, basically, this stuff.
But this sort of thing could be largely outsourced for a price, right?
Assuming that you did that, couldn't the mail provider's spam
button (aka the "I don't want this" button) feedback to that service
if it's on the white list who in turn provides feedback to the bulk mailers
to remove them from their mailing lists?
They also don't scale well, in terms of number of interacting parties,
which tends to leave small senders out in the cold.
Or is it the case that the care and feeding of
the ESP's whitelist is onerous too? If a large component is the latter,
you'd think that would be pretty easy to outsource to the enterprising
minded.
I'm not sure what you mean by ESP's whitelist there.
ESP as in Y!, etc. Not the bulk senders.
The reason for that is that it is extremely difficult to distinguish
wanted bulk mail from unwanted bulk mail. Knowing whether a
particular message was solicited or not is a very useful
data point in making that decision.
Yeah, sure. I'm not even sure "solicited" makes a useful distinction
either, since those arguments usually devolve into legalistic claptrap.
If you think of the "junk" button in terms of "I don't like this" for
whatever reason, we might make some progress in teasing out people's
fickle intents. You'd think that legitimate bulk mailers would have a
pretty big incentive to heed a consistent "I don't like this" to one of
their lists/campaigns/whatever so as not to harm their overall reputation.
Assuming that the feedback loop was completed, of course.
Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg