Re: Authentication, Accreditation, and Reputation
2004-08-14 09:56:46
On Sat, Aug 14, 2004 at 08:53:39AM -0400, John Glube wrote:
The purpose of an accreditation service is to:
* facilitate the process of obtaining and maintaining a
good reputation;
Accreditation has nothing to do with reputation. Reputation is a
behavioral metric, and the only behavior that matters here is: does this
identity have a history of sending spam or ham? Whether the identity
has the wherewithal to purchase accreditation is a non-issue.
This isn't just my opinion, by the way. All the literature on repuation
systems that I've been able to find (dig through CiteSeer, for example)
define reputation as a behavioral metric directly tied to the actions of
an agent in the arena to which the reputation applies. I.e., there's no
notion of "accreditation" included.
A person may decide, since I have published the appropriate
SPF, E-mail policy, CSV records, I am prepared to allow
sufficient data to accumulate and gain a good reputation.
Reputation has nothing to do with information provided by the sender.
It's based on information observed by the receiver in the act of
receiving the mail. I could build a reputation rating for an identity
today based solely on the contents of MAIL FROM:, HELO/EHLO, the IP from
which the mail is being sent, and a determination of whether that mail
is spam or ham. Things such as SPF record publishing, CSV, SSL certs
and so forth have no bearing on whether you're forging MAIL FROM: and
HELO/EHLO, whether you're sending mail from an IP from which you don't
normally send mail, and whether the content of that mail is spam.
--
Mark C. Langston GOSSiP Project Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org http://sufficiently-advanced.net
mark(_at_)seti(_dot_)org
Systems & Network Admin Distributed SETI Institute
http://bitshift.org E-mail Reputation http://www.seti.org
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Authentication, Accreditation, and Reputation, Jonathan Gardner
- Re: Authentication, Accreditation, and Reputation, Tom
- RE: Authentication, Accreditation, and Reputation, John Glube
- Re: Authentication, Accreditation, and Reputation, Mark C. Langston
- RE: Authentication, Accreditation, and Reputation, Guy
- Re: Authentication, Accreditation, and Reputation, jpinkerton
- RE: Authentication, Accreditation, and Reputation, John Glube
- Re: Authentication, Accreditation, and Reputation,
Mark C. Langston <=
- RE: Authentication, Accreditation, and Reputation, John Glube
- Re: Authentication, Accreditation, and Reputation, Mark C. Langston
- RE: Authentication, Accreditation, and Reputation, John Glube
- Re: Authentication, Accreditation, and Reputation, Mark C. Langston
- RE: Authentication, Accreditation, and Reputation, John Glube
- Re: Authentication, Accreditation, and Reputation, Graham Murray
- RE: Authentication, Accreditation, and Reputation, John Glube
- RE: Authentication, Accreditation, and Reputation, John Glube
Re: Authentication, Accreditation, and Reputation, Frank Ellermann
|
|
|