Steven M. Bellovin wrote:
On Sun, 09 Nov 2008 23:40:43 -0500
Tony Hansen <tony(_at_)att(_dot_)com> wrote:
In some sense, I have more trouble with white lists than black lists.
My concern is centralization of power. If used properly, white lists
are fine. If used improperly, they're a way to form an email cartel,
forcing organizations to buy email transit from a member of the inner
circle.
Hi Steven, long time...
Sort of a protection racket.
This only works insofar as the mail receivers (the ones who choose to
deploy a whitelist) is willing to let them. Receivers are driven, first
and foremost, by their users's complaint rates.
Receivers will notice increased complaint rates from a whitelist like
this, and begin to discount their input. As they also do with FP rates
on the blacklists they use. We see that now in take-up rates of various
DNSBL/DNSWLs.
Much as, say, people realized that TrustE logos didn't mean very much.
There's a much larger potential with proprietary reputation systems -
the buy-in costs are high, so it eventually becomes impossible for new
reputation vendors to get into the act, and receivers are reluctant to
switch vendors because they have to put yet another proprietary thingie
in their MTAs.
[A few years ago, at a MAAWG session, I caused a bit of slack-jawed
consternation when I strongly put forth the idea that reputation vendors
had to move to open protocols if they wanted acceptance at more than a
few of the very largest ISPs that could afford it. I'm glad to report
that at least one or two have since seen the light.]
In an standard protocol environment, startup costs are minimal,
receivers find it very easy to switch or mix-and-match.
Same goes with negative reputation.
A standardized open protocol greatly reduces the likelyhood of cartelish
behaviour.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf