ietf-asrg

[Asrg] A Vouch By Feedback proposal (was: VPNs)

2009-07-07 06:29:05
Vouch By Feedback could be a useful modification of the Vouch By Reference standard, if it didn't break its installed base.

VBF adds a DNS record pointing from the vouched domain to the vouching server email address. It could be an RP RR type, where the address is meant to receive the message/feedback-report (AFR) complaints. Web is-spam buttons direct reports to the ESP, who should forward them to any sender's vouching service. Clients who implement FBLs might send them to the relevant voucher directly. Vouchers, in turn, shall forward reports to the accountable originating ESP. The latter shall ban guilty users from sending for an amount of time proportional to the number of complaints. If the voucher sees complaints against users who should have been banned from sending, it shall suspend its vouching service for the relevant sender.

The second difference, the one that breaks compatibility, is that it would be more meaningful if the content of the _vouch TXT RR were a timestamp, rather than the type of message. Rehabilitated ESPs will get a new timestamp. That way, a recipient can quickly discern a long and honorable service from may-be-spammer newbies, and whitelist the former.


Bill Cole wrote:
The overwhelming majority of mail I am offered by the Gmail outbounds is spam. Google has played games with how they will accept abuse reports, giving the appearance of not really wanting them.

I keep hearing differing opinions on that. At least, it should be "benign spam", in the sense that the sender is identifiable, unlike botnets' "malign spam".

Benign spam is indeed that kind of social phenomenon that some say about spam in general. It is too easy to give way to the temptation of advertising something that one believes in. Decent or better ESPs can control such a phenomenon by educating or mildly punishing their users. Users who sent to honeypots after they bought an illegal Maddress CD should be punished more severely.

In my direct experience working on middling corporate mail systems and dealing with people handling much larger cheap/free "consumer" mail systems, I had some tests of whether they cared about how we treated their mail, and saw no sign that they did. At least some don't even seem to care when fairly prominent corporations urge their smaller business partners to avoid their non-free mail service. What they care about in getting their users' mail delivered is the dozen peers to whom they send 80% of their messages and maybe the next score down in size that handle another 15%. It's not rational for them to care about systems with 10k users or less.

By the same argument, middling mail systems don't expect that anyone would subscribe to their FBL, even if they offered it prominently on their web sites. As I have such a tiny mail system, nobody would care to spend their time on whitelisting it, even if I could offer any required guarantees (let alone the time to look at them.) Doesn't that affect network neutrality, or even democracy, in some way? We can take care of minor mail domains by automating whitelisting and FBL subscriptions.

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
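
The recipient-side timestamp check and the complaint-driven ban described in this message, sketched as an added example (not code from the post or from any VBR implementation). The timestamp syntax, the one-year threshold, the six-hours-per-complaint factor and all function names are assumptions; the zone data is constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed zone data standing in for DNS lookups. Owner names follow VBR
# (<sender>._vouch.<voucher>); TXT content is the timestamp the post proposes.
# The ISO 8601 UTC syntax is an assumption: the proposal fixes no format.
ZONE = {
    "oldesp.example._vouch.voucher.example": "2004-03-01T00:00:00Z",
    "newesp.example._vouch.voucher.example": "2009-06-20T00:00:00Z",
    "legacy.example._vouch.voucher.example": "all",  # VBR message-type value
}
MIN_AGE = timedelta(days=365)           # hypothetical whitelisting threshold
BAN_PER_COMPLAINT = timedelta(hours=6)  # hypothetical proportionality factor


def vouch_since(sender, voucher, zone=ZONE):
    """Return when vouching began, or None if absent or not a timestamp."""
    txt = zone.get(f"{sender}._vouch.{voucher}".lower())
    try:
        parsed = datetime.strptime(txt or "", "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None  # missing record or legacy content: do not guess
    return parsed.replace(tzinfo=timezone.utc)


def classify(sender, voucher, now, zone=ZONE):
    """Recipient side: whitelist only long-standing vouched senders."""
    since = vouch_since(sender, voucher, zone)
    if since is None or since > now:  # a future timestamp earns no trust
        return "unvouched"
    return "whitelist" if now - since >= MIN_AGE else "filter-normally"


def ban_until(last_complaint, complaints):
    """ESP side: ban length proportional to the number of complaints."""
    return last_complaint + complaints * BAN_PER_COMPLAINT


def voucher_should_suspend(sent_at, last_complaint, complaints):
    """Voucher side: mail sent inside the ban window means the ESP did not
    enforce the ban, so vouching for that sender is suspended."""
    return last_complaint < sent_at < ban_until(last_complaint, complaints)
```

A record that still carries a legacy VBR message-type value is treated as unvouched rather than trusted, which is the compatibility break the message refers to.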
