[Mark Shewmaker]
That will happen now, just more indirectly, via IP-based block lists.
Tell me about it. It's pretty much impossible to get de-listed from
SPEWS if you're a Qwest DS1/DS3 customer, for instance. Whole class Bs
of the Qwest IP space are blacklisted by SPEWS.
This is one of the best things about SPF/MARID - it allows us to base
reputation on the sending domain's behavior, rather than on the
reputation of some large bureaucratic company that won't commit the
resources to police the behavior of their thousands of clients in a
timely fashion. However, the problem with blacklists getting stale or
being incorrect still remains.
Once I tried to do a False-Positive/False-Negative comparison of the
popular IP blacklists, but was unable to get it working properly with my
very rusty C skills.
Has anyone ever seen an effective "reputation system for reputation
systems"? I've seen a few statistical comparisons of DNSBLs, but they
all seem to ignore the most significant item when it comes to spam
filtering: the false-positive percentage. Of course, you have to have a
person manually evaluating whether or not each message *is* spam to get
this data, so perhaps that's why.
Such "reputation system grading" is probably something that is going to
be even more necessary as SPF/MARID grow in popularity. People will need
to know which reputation systems they can trust, right?
Regards,
Ryan