ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SPF abused by spammers

2004-09-16 00:11:26
from [Anne P. Mitchell, Esq.] [Permanent Link] 



Very small senders won't have the volume to create a statistically
significant reputation. But if they are accredited ("this is a shoe
shop, established in 1985, uses good practices") and the reputation
data is essentially empty, then you know something.


Basically what you're saying is that accreditation is a form of
using someone else's reputation?


Yes.
That is certainly one aspect of accreditation, and an important one. For example, small publishers of newsletters often have problems in this regard because they simply are below the radar, which isn't always a good thing in this context. Cf. Lockergnome and This Is True as examples of newsletter publishers who are listed in IADB, but simply aren't big enough to have created a widespread reputation on their own - or to afford to play with the big boy in being listed in Habeas or Bonded Sender. 

But that isn't even the primary benefit of a system like IADB.
Relying solely on reputation doesn't really get a lot of receivers where they want to be, although it certainly does get some where they want to be. For one thing, if someone isn't listed in Habeas or Bonded Sender, and isn't listed in a blocklist - or you don't use an external blocklist (as many ISPs now don't) then you know _nothing_ about the sender. Even if they are listed with Habeas or Bonded Sender, you still don't know anything about them other than that either they signed a contract saying they wouldn't send non-compliant email through the listed IPs (Habeas), or they met Bonded Sender's requirements and were willing to put up $ against any spam complaint.
In short, what you know about the sender is once-removed - you only know what their relationship with the reputation agency is, not anything in particular about the sender.
With an accreditation database, you have the ability to learn factual information *about the sender*. Is their mailing list email from this IP address all confirmed opt-in? Opt-out? Do they publish SPF records? Are they listed with Bonded Sender or Habeas (in IADB that becomes another datapoint - but not a "vouch" for them - i.e. it is additional information which, coupled with all the other information available, helps you to have a better picture of the sender).
And then IADB2 takes all this information and rolls it into one aggregate score, so if you prefer a weighted single score to individual bits of data, you can have that too.
It's kind of like having DNS access to the Consumer Reports of email senders.
Again, if you haven't, before you judge based on preconceived notions, please read 

http://www.isipp.com/iadb.php
http://www.isipp.com/codes.php  and
http://www.isipp.com/codelist.php

Anne
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  AOL on Sender I.D.., Anne P. Mitchell, Esq.
Next by Date:  New drafts, Mark Lentczner
Previous by Thread:  Re: SPF abused by spammers, Margaret Olson
Next by Thread:  Re: SPF abused by spammers, Dean Anderson
Indexes:  [Date] [Thread] [Top] [All Lists]