ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

accreditation vs reputation

2004-04-12 15:26:40
from [Meng Weng Wong] [Permanent Link] 

On Mon, Apr 12, 2004 at 02:59:38PM -0400, John Leslie wrote:
| 
|    Please understand, there CANNOT be a single reputation service which
| serves all needs. There will be a considerable number of receiving admins
| that trust only senders which promise to do something which will turn out
| to be illegal in some country most people don't even know how to spell.
| 
|    Thus, there will need to be a negotiation process to find a reputation
| service acceptable to both receiver and sender (if such a thing exists).
| 

I also agree with most of what PHB and you said above, but I want to
clarify this ---

As you noted, single-intermediary designs tend to attract conflicts of
interest.  A double-intermediary system minimizes those conflicts.

I expect senders to establish a cooperative relationship with
accreditation services.

I expect receivers to establish a cooperative relationship with
reputation services.

I expect reputation services to establish a critical relationship with
accreditation services.

Examples of accreditation services today include bondedsender.org and
IADB.  More roughly, .tm and the proposed .mail.  If the sender pays the
service to vouch for them, it's an accreditation service.  The
accreditation service has to perform some kind of due diligence to have
credibility with reputation services.  This is a fledgling industry.

Examples of reputation services today: DNSBLs, RHSBLs, Spamcop, etc.
If the receiver asks the service for a spam-or-not opinion about incoming
mail, it's a reputation service.  This is an established industry.

Reputation services can judge senders directly and also they can judge
the accreditation services who vouch for those senders.

  sender -- accreditation service :: receiver -- reputation service

If an accreditation service operates under the same roof as a reputation
service, there must be a wall between them: the kind of wall you find
(in theory) between the editorial and advertising departments at a
newspaper.

Sender authentication/accountability makes it possible for the above
framework to operate based on domain name instead of IP address.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Caller ID and bounce messages (was: Microsoft submitting Caller ID as draft RFC), Philip Miller
Next by Date:  Re: Caller ID and ease of adoption (was Microsoft submitting Caller ID as draft RFC), Philip Miller
Previous by Thread:  Re: User experience; RHSBLs; Strong From: check seems possible, John Leslie
Next by Thread:  RE: User experience; RHSBLs; Strong From: check seems possible, Harry Katz
Indexes:  [Date] [Thread] [Top] [All Lists]