spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Good Domain List one step closer to reality (actually two steps)

2004-08-12 23:32:11
from [terry] [Permanent Link] 
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of 
Jonathan Gardner
Sent: Friday, August 13, 2004 1:34 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Good Domain List one step closer to reality
(actually two steps)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 13 August 2004 10:11 am, Mark C. Langston wrote:

<SNIP>

If you think spammers can't afford $300, you're mistaken.


SSL certificates have nothing to do with reputation. It has
everything to do
with accreditation, however. Accreditation and reputation are
the two next
steps.

When someone buys an SSL certificate from Verisign, they are
providing more
information than what went in to the DNS purchase, plus they
have basically
put a non-refundable bond up for $300 that they won't abuse
their domain.


Please don't call it a bond, because
1) if they do abuse, Verisign doesn't use the $300 to compensate/help the 
victims
2) non-spammers don't get their $300 back at then end of the year for good 
behaviour


If they do go ahead and start spamming, then they are
throwing the $300
away because the accreditation they bought will be
overwhelmed by their
negative reputation. If we rely on valid SSL certificates as
part of our
accreditation system, it will help raise the cost of spamming.


You are assuming that $300 of successfull spamming wasn't done before it was 
blacklisted.



If you choose not to recognize the Verisign accreditation, or
if you chose
to rate it *negatively* that is your choice. The same goes for public
reputation services.


Which also don't seem to work.  The only thing I have found whitelists good for 
is as personal
whitelists you want to shield known good from the blacklists one subscribes to.



- --
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBHPt6BFeYcclU5Q0RArUkAKDl1HiMYpWsGEZYZ5AtB1L9Mau7rACfVwzg
esaK4gxj2WehpB+RHBtNh/M=
=zdaa
-----END PGP SIGNATURE-----

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in
Atlanta features SPF and Sender ID.
To unsubscribe, change your address, or temporarily
deactivate your subscription,
please go to

http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  how to avoid receiving email w. sender forged to be a host in my domain, Roger Moser
Next by Date:  Good Domain List one step closer to reality (actually two steps), Meng Weng Wong
Previous by Thread:  Re: Good Domain List one step closer to reality (actually two steps), Jonathan Gardner
Next by Thread:  Re: Good Domain List one step closer to reality (actually two steps), Jonathan Gardner
Indexes:  [Date] [Thread] [Top] [All Lists]