On Sat, 2 Oct 2004 21:05:49 -0400, John Leslie wrote:
Having a class/state assertion rather than a quality
assertion makes for a simpler solution. Allowing a
flag that indicates an affiliation to a group that
assures BCP regarding the sending of mail seems like
a good way to go, hence the term accreditation.
Doug makes a reasonable case for this extension. Dave, I
think, is less enthusiastic. How do others feel?
just to add this to the thread, for reference:
Accreditation is a new topic. It is so completely tied to human
and organization issues that I expect it to prove to be extremely
difficult to do a thorough job of. Also, I think there is an
important technical constraint, namely limitations on what is
reasonable to expect of a receiving SMTP server to perform in
real-time, when there is a potentially large flow of incoming
messages.
I tend to use ATM/credit card information services as an exemplar
for mail accreditation. For real-time transactions, there is an
'approval' mechanism. It returns a yes/no. For major
transactions, there is a 'reporting' mechanism that supplies a
large amount of source material; the assessment of approval is
left to the requestor.
For real-time decisions by receiving SMTP servers, I believe we
should provide a very simple rating system. It should give an
explicit recommendation, rather than supply any sort of
descriptive attribute/value information about the domain name
under inspection.
Also, by hiding all of the information the rating service uses to
return a yes/no, and by keeping the mechanism so simple, there is
a chance we can ship something reasonably soon.
The current DNA proposal has 5 values, where 0 is 'don't know'.
That is more than yes/no, but not much.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker(_at_)(_dot_)(_dot_)(_dot_)
brandenburg.com