ietf-mailsig

Re: Replay attacks and ISP business models

2005-08-06 16:07:59

--- Sam Hartman <hartmans-ietf(_at_)mit(_dot_)edu> wrote:
> I'd like to ask us to think particularly about the impact of this
> attack on business models of medium sized ISPs.  Fundamentally few
> people are going to block all mail from AOL, Yahoo, Gmail or the
> like.  However smaller ISPs have been subjected to a wide variety of
> problems with various blackhole lists.  Sometimes this was because
> they were doing something wrong, sometimes the blackhole lists were
> doing something wrong.  There's a lot of debate about where the right
> balance is that I would like to avoid.

Certainly a tough balance.  There are a lot of crazy blacklists out
there, and there seem to be very few reputation systems in the wild
that have more than 2 shades (ultra-bad and ultra-good).  There are a
few that are starting to pop out of the woodwork (IronPort and
Return-Path both have one, there are likely others).  One way
reputation systems could work would be to define an ISP as neither good
nor bad -- and either don't (or make it extremely hard to) let the
reputation sway. FWIW, this is what we do.  An email truly from
yahoo.com is not guaranteed inbox delivery. This also reduces the
incentive for spammers to either send through an ISP's system or resend
an ISP-domain email.
 
> However there is a similar issue with DKIM.  It's not clear what
> policies a medium sized ISP could adopt to avoid being subject to such
> an attack.  It's not clear how you could maintain a reputation while
> still defaulting to providing service to anyone who wants an account.

How much of this lack of clarity is due to the lack of clarity
surrounding how all the individual blacklists are run?

miles
