Jon Kyme wrote:
Harry,
[snip]
trusted-forwarders.org is such a whitelisting service,
and it seems
to
work.
This may be a fine list during early development or beta
testing. But
are you suggesting this needs to be a permanent part of the MARID
solution? Based on the experience of similar list
providers, I would
guess that both DDOS attacks and litigation will follow.
This is an interesting point. I'm not sure what a DOS against
such a service would accomplish - apart from causing a
certain level of failure for messages which would otherwise
have been accepted. It certainly wouldn't (directly) cause
more unwanted mail to be allowed through.
I'm not sure. If the service opperated in such a way that
non-whitelisted forwarders were being blocked, then such forwarders, or
the spammers exploiting them, might have an interest in knocking the
service "off the air."
IANAL, but I'd be
fascinated to see the matter of any claim brought against a
*whitelisting* service. Do you have any references to such
action to hand?
I don't. Blacklisting services of course have been subject to many
suits. However, whitelisting services are relatively new. IANAL either,
but someday someone is going to be denied a listing and will sue. (If
Rene Descartes had been born in our time he'd have said "I sue,
therefore I am.") The best protections I think are a) very clear
guidelines on what is required in order to get onto the list, and b)
multiple lists, or to put it another way, no monopoly on the whitelist.
As for providing a mechanism for including "external references"
to "reputation" or "accreditation" services in
MARID-dependent schemes (either in publishing or in the
recommended algorithm for evaluating messages), some think it
a good idea. Personally, I'd consider it more a matter for
local policy. But I'm easily persuaded, especially as such
mechanisms might address (what's been identified as) the
forwarding issue.
I think senders should have a mechanism to tell receivers what services
rate/accredit them. Otherwise, in the absense of a monopoly
accreditation service, the receiver has no way of knowing which service
to query. This also makes the business model work right too. Senders
who benefit most from having a good reputation pay for the privilege and
can choose to be accredited by as many services as they deem
appropriate.
As a result, I think this means we need a standard way for senders to
publish this information and a standard location where receivers find
it. The exact location & syntax are probably beyond MARID scope. We
just need to get the extensibility right.