Let me try to answer this in the form of a suggested addition to the FAQ:
Q: Why does CSV allow the sender to specify the reputation services that
will vouch for it?
A: It's an efficiency thing. The sender does this, but the receiver
will only look up the reputation at reputation services it respects.
This is more efficient than the sender checking for a reputation with
all the reputable reputation services it knows about.
If the sender specifies a disreputable reputation service or a
reputation service that itself lacks a reputation, it will be ignored.
It's more efficient given the (IMO valid) assumption that there will
typically be more reputable reputation services than reputable
reputations of a given FQDN. I anticipate a dozen or more of the former
and just a few of the latter will be typical.
On 10/10/2004 9:46 AM, Mark sent forth electrons to convey:
John Leslie wrote:
Mark <admin(_at_)asarian-host(_dot_)net> wrote:
I am noy clear about the reputation services, though. Are any of them
even existent?
I'm not aware of any reputation services which attempt to report
on all domains which publish CSV SRV records. (There are periodic
discussions whether such services are in-scope for discussion here:
stay tuned...)
There are definitely accreditation services which report on domain
names (as opposed to IP addresses). Any of these could easily report
in the DNA TXT format, if they don't already.
Thanks for your reply. One thing still remains fuzzy to me. :) The FAQ has
the following section:
--------------------------------
mailhost IN A 199.201.159.9
IN PTR _vouch._smtp.csv_vouch
_client._smtp.mailhost SRV 1 2 0 mailhost
saying that mailhost.jlc.net is authorized as an SMTP client, and that the
list of IP addresses is not empty; and saying that the csv_vouch.jlc.net
reputation service will vouch for it. (Not surprisingly, csv_vouch.jlc.net
reports an "excellent" rating.)
--------------------------------
Indeed, "not surprisingly". I mean, what is the point of (being allowed to)
point to an reputation service of your own choice? Yea, of your own making
even? Then people will just do what you did: set up an extra record for
themselves, and give themselves a big A+.
I currently use rating.cloudmark.com as reputation service for incoming mail
(non CSV related). But it serves as a jumping board for my question: should
not the receiving end decide/choose who they select to ascertain your
reputation? I must be missing something.