ietf-clear
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-clear] CSV in action

2004-10-11 12:12:28
from [Matthew Elvey] [Permanent Link] 
Let me try to answer this in the form of a suggested addition to the FAQ:

Q: Why does CSV allow the sender to specify the reputation services that 
will vouch for it?
A: It's an efficiency thing.  The sender does this, but the receiver 
will only look up the reputation at reputation services it respects.
This is more efficient than the sender checking for a reputation with 
all the reputable reputation services it knows about.
If the sender specifies a disreputable reputation service or a 
reputation service that itself lacks a reputation, it will be ignored.


It's more efficient given the (IMO valid) assumption that there will 
typically be more reputable reputation services than reputable 
reputations of a given FQDN. I anticipate a dozen or more of the former 
and just a few of the latter will be typical.


On 10/10/2004 9:46 AM, Mark sent forth electrons to convey:


John Leslie wrote:

 


Mark <admin(_at_)asarian-host(_dot_)net> wrote:
   


I am noy clear about the reputation services, though. Are any of them
even existent?
     


  I'm not aware of any reputation services which attempt to report
on all domains which publish CSV SRV records. (There are periodic
discussions whether such services are in-scope for discussion here:
stay tuned...)

  There are definitely accreditation services which report on domain
names (as opposed to IP addresses). Any of these could easily report
in the DNA TXT format, if they don't already.
   




Thanks for your reply. One thing still remains fuzzy to me. :) The FAQ has
the following section:

--------------------------------
mailhost        IN      A       199.201.159.9
               IN      PTR     _vouch._smtp.csv_vouch
_client._smtp.mailhost  SRV 1 2 0 mailhost

saying that mailhost.jlc.net is authorized as an SMTP client, and that the
list of IP addresses is not empty; and saying that the csv_vouch.jlc.net
reputation service will vouch for it. (Not surprisingly, csv_vouch.jlc.net
reports an "excellent" rating.)
--------------------------------

Indeed, "not surprisingly". I mean, what is the point of (being allowed to)
point to an reputation service of your own choice? Yea, of your own making
even? Then people will just do what you did: set up an extra record for
themselves, and give themselves a big A+.

I currently use rating.cloudmark.com as reputation service for incoming mail
(non CSV related). But it serves as a jumping board for my question: should
not the receiving end decide/choose who they select to ascertain your
reputation? I must be missing something.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-clear] CSV in action, Mark
Next by Date:  [ietf-clear] "Registering" unauthorized MTAs, John Leslie
Previous by Thread:  [ietf-clear] CSV in action, Mark
Next by Thread:  [ietf-clear] CSV in action, John Leslie
Indexes:  [Date] [Thread] [Top] [All Lists]