ietf

Re: Sufficient email authentication requirements for IPv6

2013-04-10 12:43:15

On Apr 10, 2013, at 6:26 AM, Keith Moore 
<moore(_at_)network-heretics(_dot_)com> wrote:

> On 04/09/2013 08:07 PM, John Levine wrote:
>>> Quoting Nathaniel Borenstein  [1]:
>>>
>>>   "One man's blacklist is another's denial-of-service attack."
>>>
>>> Email reputation services have a bad reputation.
>> They have a good enough reputation that every non-trivial mail system
>> in the world uses them.  They're not all the same, and a Darwinian
>> process has caused the best run ones to be the most widely used.
>>
>> There seems to be a faction that feel that 15 years ago someone once
>> blacklisted them and caused them some inconvenience, therefore all
>> DNSBLs suck forever.  I could say similar things about buggy PC
>> implementations of TCP/IP, but I think a few things have changed since
>> then, in both cases.
>
> There's an inherent problem with letting 3rd parties affect email traffic,
> especially when there's no way to hold those 3rd parties accountable for
> negligence or malice.

Dear Keith,

I share your ideals.  Being able to authenticate domains SOURCING emails brings 
self administration of sources much closer to a practical reality.  As stated 
in the pdf paper "Domains as a Basis for Managing Traffic", one hundred 
thousand domains control 90% of Internet traffic out of approximately 100 
million domains active each month.  The top 150 domains control 50%, and the 
top 2,500 control 75% of the traffic. This level of consolidation permits 
effective fast-path white-listing, where then dealing with the remainder is 
less of a burden.

Let me assure you a third party internationally offering services aimed at 
mitigating abuse either in the form of unwanted inundation of commercial 
solicitations that also affords the resources needed for protections against 
malicious code is not above the law.  We have endured many lawsuits brought by 
those wishing to profit on their various endeavors against the desires of our 
customers.  Truth is one of the first victims in the abatement process.  As 
such, evidence of abuse must be incontrovertible.  Authorization does not imply 
culpability any more than some signed message content independent of the 
intended recipient or the actual source.  Evidence must not rely on statistical 
likelihoods.  The stakes are far too high.

Regards,
Douglas Otis