spf-discuss

Re: Extensibility and Accreditation

2004-01-22 13:42:57
On Thu, Jan 22, 2004 at 02:28:33PM -0600, Phil Howard wrote:
| I'm not going to trust a spammer to tell me to look at DMA to find out
| he's a good guy.

You're missing the point.  The spammer will tell you he's listed with
the DMA.  That's the accreditation step.

You will then say, pah, I don't trust anything the DMA says.  That's the
reputation step.

Reputation can be provided by antispam vendors like Brightmail.

So there's a four-entity system:

  sender
  - sends the message.

  accreditor
  - paid by sender to make assertion about the sender.
  - assertion can be verified by recipient

  ------------------------ this is the line in the sand ----------------------------

  recipient
  - gets the mail from the sender.

  reputation service
  - tells the recipient what it thinks of the sender, of the assertions
    made by the sender, and of the accreditation service itself.

  it's like seconds in a duel.

There's actually a five-entity system because behind the sender is the
author, but we can get to that in a separate message.

| 
| But a mechanism that allows the spammers to fake it is useless.  If the
| spammer tells you where to look things up, that's no good.  I need to be
| able to look things up from where *I* specify, not where the spammer says
| to.
| 

If a spammer fakes it, the accreditation service won't verify.

If the accreditation service is bogus, your reputation service will know that.

The spammer is not telling you how to make your reputation decision.

Only you can tell yourself where to make a reputation decision.

The sender is putting their cards on the table for you to help you make
that decision.

| 
| You still have to implement the logic behind the data for it to be of any
| use.  Unvetted extensibility is a bad idea.

I agree, but in this case I think we can get away with it, because the
line in the sand means that by default a receiver doesn't trust anything
said by the sender, and only begins believing things that can be
verified by an accreditation service that the receiver does trust.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)
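The four-entity model described in the message above (sender, accreditor, recipient, reputation service, with the recipient's "line in the sand" between the first two and the last two), worked through as an added illustration that is not code from the original thread or from the SPF project. It assumes a made-up accreditation mechanism: each accreditor authenticates the assertions it issued with an HMAC over the claim, standing in for whatever real verification the accreditor would offer; the accreditor names, sender domains, keys and reputation scores are all constructed. The point it shows is the one the message makes: the recipient looks accreditors up in its own directory, believes nothing the sender says until the named accreditor verifies it, and then still lets its own reputation service veto both the sender and the accreditor.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Assertion:
    """What the sender puts on the table: 'accreditor X vouches for me', plus X's MAC over the claim."""
    sender: str
    accreditor: str
    claim: str
    tag: str


class Accreditor:
    """Paid by senders to issue assertions; answers the recipient's verification queries."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key          # constructed secret; a real accreditor would use a published signing key
        self._members: set[str] = set()

    def enroll(self, sender: str) -> None:
        self._members.add(sender)

    def _mac(self, sender: str, claim: str) -> str:
        msg = f"{sender}|{self.name}|{claim}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, sender: str, claim: str) -> Assertion:
        if sender not in self._members:
            raise PermissionError(f"{sender} is not enrolled with {self.name}")
        return Assertion(sender, self.name, claim, self._mac(sender, claim))

    def verify(self, a: Assertion) -> bool:
        """True only if this accreditor really issued the assertion; a faked tag fails here."""
        return a.accreditor == self.name and hmac.compare_digest(a.tag, self._mac(a.sender, a.claim))


class ReputationService:
    """Chosen by the recipient, never by the sender; scores senders and accreditors in [0, 1]."""

    def __init__(self, accreditor_scores: dict[str, float], sender_scores: dict[str, float]):
        self._acc = accreditor_scores
        self._snd = sender_scores

    def accreditor_score(self, name: str) -> float:
        return self._acc.get(name, 0.0)   # an accreditor nobody has heard of is treated as bogus

    def sender_score(self, name: str) -> float:
        return self._snd.get(name, 0.5)   # unknown sender: neutral, the accreditation carries it


def decide(a: Assertion, registry: dict[str, Accreditor],
           reputation: ReputationService, threshold: float = 0.5) -> tuple[str, str]:
    """The recipient's decision. Everything on the sender's side of the line is distrusted by default."""
    accreditor = registry.get(a.accreditor)   # the recipient's own directory, not a sender-supplied location
    if accreditor is None:
        return "reject", "accreditor unknown to recipient; claim cannot be verified"
    if not accreditor.verify(a):
        return "reject", "assertion failed verification; sender faked the accreditation"
    if reputation.accreditor_score(a.accreditor) < threshold:
        return "reject", f"recipient's reputation service does not trust {a.accreditor}"
    if reputation.sender_score(a.sender) < threshold:
        return "reject", f"recipient's reputation service does not trust {a.sender}"
    return "accept", f"{a.accreditor} vouches for {a.sender} and both are reputable"


# --- constructed scenario: two accreditors, one recipient, one reputation service ---
dma = Accreditor("DMA", b"constructed-dma-key")
dma.enroll("bulkmailer.example")
shady = Accreditor("spammers-r-us", b"constructed-shady-key")
shady.enroll("spammer.example")

REGISTRY = {"DMA": dma, "spammers-r-us": shady}   # accreditors the recipient knows how to query
REPUTATION = ReputationService({"DMA": 0.9, "spammers-r-us": 0.1},
                               {"bulkmailer.example": 0.8})

GENUINE = dma.issue("bulkmailer.example", "member in good standing")        # real, verifiable
FORGED = Assertion("spammer.example", "DMA", "member in good standing", "00" * 32)  # faked tag
SHADY = shady.issue("spammer.example", "member in good standing")            # verifies, but accreditor is bogus
UNKNOWN = Assertion("spammer.example", "Nobody Inc", "trust me", "ff" * 32)  # accreditor not in directory

if __name__ == "__main__":
    for label, a in [("genuine", GENUINE), ("forged", FORGED), ("shady", SHADY), ("unknown", UNKNOWN)]:
        print(label, decide(a, REGISTRY, REPUTATION))
```

Swapping in a second `ReputationService` that scores the DMA below the threshold reproduces the "pah, I don't trust anything the DMA says" case: the same genuine assertion still verifies, but the recipient rejects it on reputation grounds, which is exactly the separation between the accreditation step and the reputation step the message draws.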