Re: SPF abused by spammers
2004-09-16 00:11:26
Very small senders won't have the volume to create a statistically
significant reputation. But if they are accredited ("this is a shoe
shop, established in 1985, uses good practices") and the reputation
data is essentially empty, then you know something.
Basically what you're saying is that accreditation is a form of
using someone else's reputation?
Yes.
That is certainly one aspect of accreditation, and an important one.
For example, small publishers of newsletters often have problems in
this regard because they simply are below the radar, which isn't always
a good thing in this context. Cf. Lockergnome and This Is True as
examples of newsletter publishers who are listed in IADB, but simply
aren't big enough to have created a widespread reputation on their own
- or to afford to play with the big boy in being listed in Habeas or
Bonded Sender.
But that isn't even the primary benefit of a system like IADB.
Relying solely on reputation doesn't really get a lot of receivers
where they want to be, although it certainly does get some where they
want to be. For one thing, if someone isn't listed in Habeas or Bonded
Sender, and isn't listed in a blocklist - or you don't use an external
blocklist (as many ISPs now don't) then you know _nothing_ about the
sender. Even if they are listed with Habeas or Bonded Sender, you
still don't know anything about them other than that either they signed
a contract saying they wouldn't send non-compliant email through the
listed IPs (Habeas), or they met Bonded Sender's requirements and were
willing to put up $ against any spam complaint.
In short, what you know about the sender is once-removed - you only
know what their relationship with the reputation agency is, not
anything in particular about the sender.
With an accreditation database, you have the ability to learn factual
information *about the sender*. Is their mailing list email from this
IP address all confirmed opt-in? Opt-out? Do they publish SPF
records? Are they listed with Bonded Sender or Habeas (in IADB that
becomes another datapoint - but not a "vouch" for them - i.e. it is
additional information which, coupled with all the other information
available, helps you to have a better picture of the sender).
And then IADB2 takes all this information and rolls it into one
aggregate score, so if you prefer a weighted single score to individual
bits of data, you can have that too.
It's kind of like having DNS access to the Consumer Reports of email
senders.
Again, if you haven't, before you judge based on preconceived notions,
please read
http://www.isipp.com/iadb.php
http://www.isipp.com/codes.php and
http://www.isipp.com/codelist.php
Anne
|
|