Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> wrote:
All of the possible good and bad aspects of any possible "trust" or
"reputation" system are already present in the current system.
Not so.
- If you say that you can't trust ISPs to check that a new customer
is not Al Ralsky in disguise or one of his proxies, then you must
say the same about any other organization.
ISPs operate in a _very_ different business environment than, say,
UNICEF.
- If you say that ISPs cannot check the reputation of new customers
for a $30/month account, then you must say the same about any
other organization.
ISPs offering $30-per-month service are very likely losing money
(and worrying who to lay off next). Your bank, OTOH, is probably
doing nicely on less than $30-per-month service charges. Also, some
ISPs have no reason to worry much about their reputation, because
they have in effect a government-mandated near-monopoly.
- If you trust some of those other outfits to revoke their virtual
letters of introduction and recommendation, then you must be
willing to trust some ISPs to do the same and terminate accounts.
Ah, yes, but _which_ ISPs?
- If you say that third party organization could assure you that
a mail sender is not a spammer, then you must agree that an ISP
could check with that organization before adding a password to
a RADIUS server or or turn on a DSLAM, and that an ISP could
terminate an account when that third party revokes is assurance.
The first part is actually true: I think we'd actually see that
if such third-party services come into common use. :^)
The second part (terminating) is not true, IMHO. There's a real
danger of getting sued for that, not to mention the loss of revenue.
However, donning Pangloss's hat, I do hope that they might activate
some port-25 bandwidth-limiting. ;^)
If you believe that "reputation" or "trust" systems might help
the spam problem, then the only room for improvement is in the
trust query protocol. DNS is a screw driver being used as a
hammer in DNS blacklists.
Current DNS blacklists are, IMHO, trying to do an impossible job.
However, this is merely a matter of optimization or elegance.
I disagree: it's a matter of biting off more than you can chew.
--
John Leslie <john(_at_)jlc(_dot_)net>