----- "Steve Atkins" <steve(_at_)wordtothewise(_dot_)com> wrote:
On May 26, 2009, at 3:36 PM, Franck Martin wrote:
I'm curious to see if the feedback loop mechanism could be extended
using DKIM. The concept may have many issues, but I want to see if
it is a stupid idea, or if it would have some merit.
The system would be for the sender to include in the dkim mechanism
an FBL-email: header wich would tell the receiving mail system where
to send an ARF email if the recipient hit the spam button.
This would provide a mechanism similar to FBL but allowing small
receiving mail systems to participate.
FBLs as currently implemented don't work very well except for webmail
and AOL, because there's no UI support for it elsewhere.
It is also very heavy to have a FBL program this is why only a few ESPs offer
feedback loops. I'm not sure it is something feasible for an organisation with
a substantial number of users, like universities or small ISPs.
Without some sort of MUA support, I think it's pretty much a non-
starter (though there are a bunch of startups and projects that
disagree with me and try and do similar things by annotating the email
itself at the MX).
Yes there must be MUA support. So what will come first, the chick or the egg,
the protocol, or the mua support? ;)
Are you thinking that this would be something that could be handled
by, for example, an Outlook or Thunderbird plugin, without necessarily
needing any support from the receiving ISP?
Yes this is definitively a possibility. There is a spam button in many Mail
clients , code could be altered.
In webmail, this could be better handled by the server, in some mail clients
like zimbra, the spam button send a copy of the message to the learning engine
on the mail server.
I think some stats show that 30% of people hitting the spam button,
really means, unsubscribe me from this mailing list.
Also, mail footers with remove links, are either not read or are not
trusted by the recipient, I think, it is safer to hit the spam
button, than to click on the links.
The List-Unsubscribe header is nearly as trustworthy as a DKIM signed
FBL-Email header as far as communicating a desire to receive no
further email is concerned, and it's been around forever, yet there's
not been that much MUA support for it so far. I'm not sure whether
that's because of a lack of desire or just due to the overly vague
specification of List-Unsubscribe and friends.
The trouble with the List-Unsubscribe: is that it usually contains an URL and
no mail client understand this header and it could be faked.
By sigining the FBL-email: header it would give a certain level of
trust, that there is a mailbox at this address and that the mailbox
has been set to process ARF emails. The FBL-header must be DKIM
validated, otherwise it would not be helpful at all.
Presumably there'd be some constraint to prevent a (DKIM-signing)
spammer putting some random third party email address in there too.
Yes, but DKIM would bring better trust than a non validated List-Unsubscribe.
Beside if you have allowed the email to come in, despite the reputation around
the dkim domain, I think you can trust in the same way the email to send the
report to.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html