On Fri, Aug 13, 2004 at 09:28:12AM -0700,
Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
Mark C. Langston wrote:
On Fri, Aug 13, 2004 at 03:14:13AM -0400, Meng Weng Wong wrote:
Cloudmark has introduced a rating service.
Verisign is publishing its list of domains with SSL
certificates.
Specifically, how is the ability to purchase an SSL certificate
conferring a "good" status to a domain?
It's not a question of "good"ness. It's a question of commitment.
A vanilla domain costs less than $10 a year. SSL certificates from Verisign
cost around $300 a year.
If a domain is identified as a spam source, spammers will ditch it for new
ones. This is more painful for them if they've invested $300 in the domain
than if they've only invested $10.
I don't see how purchasing an ssl certificate has anything to do with
reputation. Reputation is based on observed behavior over time for a
given entity. That entity can be determined, observed, and routed
around (if necessary) without an SSL certificate.
The only benefit of buying an SSL certificate is money in Verisign's
pocket. This isn't a "Verisign is evil" rant. This is a "trying to
make a profit off reputation and/or trying to confer a good reputation
by spending money is an extremely poor idea" rant.
If you think spammers can't afford $300, you're mistaken.
--
Mark C. Langston GOSSiP Project Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org http://sufficiently-advanced.net
mark(_at_)seti(_dot_)org
Systems & Network Admin Distributed SETI Institute
http://bitshift.org E-mail Reputation http://www.seti.org