Re: slight update to draft-macdonald-antispam-registry

2011-05-11

John Levine
<johnl(_at_)taugh(_dot_)com> wrote:

But, as far as "harm" goes, non-delivery of messages that
should have been delivered and instead vanished without a
trace is, for me, qualitatively worse than any quantity of

With a sufficient quantity of spam in your mailbox, you can't
even find the real mail so it might as well not have been
delivered.  BTDT.


This may be just a difference in perspective, but I see
tradeoffs between my risk tolerance for losing messages and my
desire to avoid having my mailbox filled with noise.  If I get
the virtual knob turned all the way to one side, I lose all of
the messages that might possibly be spam, i.e., all of the
messages unless I accept only signed messages from people whose
ability to manage keys I trust.  If I turn it too far the other
way, I will have a lot of trouble finding real messages because
of the spam.  My choice, my problem.  And I assume that you
wouldn't try to deny me (or Keith) the right to make tradeoff
decisions even if you think they are stupid (or that my concern
about lost messages is excessive).

We hit a disconnect (I think), only when you (or others)
encourage some mail providers to reject or, worse, drop, my
legitimate mail (for the purposes of this discussion, assume
non-commercial, small number of recipients, and desired/
expected by the proposed recipient) because the sender did not
meet some semi-arbitrary criterion established by that provider
and not under the control of either the sender or (especially)
the intended recipient.

My definition of "semi-arbitrary" perhaps also differs from
yours.  I would include in that category any rule that depends
on heuristics (which, by definition, will fail sometimes) and
any classification system that is not clearly identified and
against which the intended recipient of the message does not
have practical and effective recourse if the owners of the
classification system get things wrong.  

I may be wrong, but I don't think either Keith or I are saying
"don't use blacklists in your systems".  Keith, I think, comes
closer than I do.   For all you know, I might even be using
blacklists as part of a scoring system (and I'm not telling).
What I think we are saying is:

        (i) Don't force me to use blacklists or otherwise force
        them on me or my mail.
        (ii) If someone does use a blacklist and legitimate mail
        is dropped, both the list compiler and the party who
        decided to use that particular list and how should be
        easily identified and accountable.

I don't see blacklists as being special in that regard.  You
could substitute any technique for preventing some messages from
showing up in my primary inbox for "blacklist" in the above two
comments and I would almost certainly still agree.


