Hallam-Baker, Phillip <pbaker(_at_)verisign(_dot_)com> wrote:
[Gordon Fecyk <gordonf(_at_)pan-am(_dot_)ca> wrote:]
Whether the domain itself is trustworthy or not, I believe, is
not the decision of any central authority or array of loosely
centralized authorities. The recipient decides.
The recipient needs some basis to decide. Accreditation (though
I'd prefer to avoid that term) could help the recipient decide.
The problem with this approach is that it means that you can only
have negative accreditation data.
Actually, that's not true. With or without an "accreditation"
record in DNS, there will be whitelists as well as blacklists.
The advantage of having such records in DNS is to assist the
sender in suggesting a particular whitelist to check.
This get you into the problem of trying to police the entire net
which as MAPS and SPEWS prove is impossible to do well.
Whether or not we believe blacklists to be evil, I would hope
we could agree that policing the entire net is impossible.
As a sender I get to choose which positive actions I will take
to obtain an accreditation. I can choose to obtain an accreditation
from one source or many. But I have to choose which ones I get
the accreditation from.
Note that Phillip has clarified here that he's thinking in terms
of advertising multiple "accreditations". While I saw very little
point in being able to advertise only one, I see a potential for
great benefits from advertising many. The recipient can choose
which (if any) to "trust".
As a receiver you get to choose whether to take any notice of
it at all, or even that the accreditation is so widely abused
that you will consider that advertising it reduces my reputation.
That, too -- though it's probably a very silly policy...
My impression is no e-mail domain admins want any centralized
authority or collection thereof to say they're allowed to send
mail.
There's quite a difference between exactly-one "accreditation"
source and a potentially-large marketplace of "accreditation"
sources.
There is an immense demand for a credible multi-party whitelist
scheme. Instead of separately having to get an erroneous blacklist
entry cancelled at AOL, Comcast, Yahoo etc, show that you are not
a spammer.
It seems worth trying...
--
John Leslie <john(_at_)jlc(_dot_)net>