Seth,
I appreciate your taking the time to respond, along with
your frank statement of concerns.
(Don't the diplomats say, the parties had a frank exchange
of views, which really means, they threw everything back
and forth at each other but the kitchen sink:-))
Let me look at the underlying issues from your perspective:
Promises to follow policies are not of any value unless you
have an actual contract between sender and recipient.
As someone who believes in the sanctity of contracts,
agreed.
I note in passing, if the contract between the sender and
the accreditation service is properly structured, since the
ultimate beneficiary are recipients who use the
accreditation service, this gives these recipients a right
of action to sue any sender who breaches the contract and
causes recipients to suffer damages which can be stipulated
in advance.
Also, let's include a term that the sender will fully
cooperate with regulatory authorities in response to any
reported violations of prohibited sender behavior under
applicable laws.
I would expect that a sender-financed accreditation service
to meet the needs of recipients as well as a Chamber of
Commerce does for consumers. I wouldn't expect to get an
honest answer from a Chamber of Commerce as to the
reputation of any of its members, nor would I trust any
sender-funded accreditation service.
Obviously I disagree as to whether one will receive an
honest answer from an accreditation service.
However, it is fair to put the concern on the table so that
steps can be taken to deal with this issue.
The real issue is whether one believes industry self
regulation can work.
Sender authentication, along with accreditation and
reputation is self regulation by industry.
In the United States, this stems from how the US Federal
law regulating commercial email was written.
This goes back to underlying economic theories of how one
perceives markets work best.
For now, the FTC would like to see industry regulate
itself.
Hence the decision to let industry come up with a sender
authentication protocol, while reserving the right to step
in, if required.
However, once you embark on the course of industry
regulation, ultimately government has to oversee certain
aspects of any self regulatory scheme.
If it's financed by senders, I'm afraid that is what you're
up against. The difference in viewpoints between bulk
senders and recipients is so different as to be
irreconcilable. Bulk senders typically find blacklists to
be arbitrary, punitive and unfair. As a recipient and an
engineer, I find that blacklists have become increasingly
accurate and responsive. Bulk senders want a well-defined
system that resembles due process. Recipients prefer
immediate halt to abuse, which precludes due process. In a
typical adversarial relationship, eventually the two
parties might benefit from cooperation. However, in this
case, the bulk senders have nothing that recipients want,
so there is no basis for cooperation.
Well at least I understand from whence you come with the
admission of your being an engineer:-)
The underlying premise is your view that as bulk mailers
have nothing recipients want there is no basis for
co-operation.
Let me put forward an example. I run an internet access
service, providing customers with broadband internet access
along with web based mail service and POP3 access.
Customers send and receive email, the later in accord with
the service's AUP. Customers will also receive
transactional messages, along with newsletters and
commercial messages.
In running this service I make it clear to senders and my
customers through publication of an online acceptable use
policy that the only newsletters and commercial messages we
will transmit to our customers' mailbox is where there is
verified consent, closed loop verification or verified
opt-in. Any other form of newsletter and commercial message
will be rejected.
(As a side note, given the proposed rules concerning the
primary purpose of transactional messages, I might have to
modify that policy, but that's a separate issue.)
Nice in theory, but how do I enforce this policy?
As we both know, there are real time black lists which
operate on this basis. So I pick up the data feed of these
services.
Would I as a recipient be interested in a service which in
essence:
* provides me with confirmation that listed senders have
agreed to this standard;
* gives me the beneficial right to enforce the agreement
between the sender and the accreditation service; and
* includes a term that listed senders will fully co-operate
with regulatory authorities in response to any reported
violations of prohibited actions under applicable law.
Now, since I am marketing an internet access service to
consumers, who don't wish to receive UBE, but want to send
email and receive transactional messages, newsletters and
in some cases commercial messages, such a service is of
interest, because it fills a need which I have.
Let's go one step further and give my customers access to a
'this is spam' button in their web based mailbox and as a
free add on to their email client software which my
customers use to download email from their web based mail
box.
This is in essence the scenario which many internet access
services now or will likely operate under in the near
future, except that the standards for acceptance of
newsletters and commercial messages for delivery to
customers are often not as strict.
This is not meant as a criticism, but simply a reflection
of how some service providers operate based on what they
believe to be their customers' wishes.
The point? There are points of common interest between
senders and internet access services. At the same time
there are points of friction.
The key points of friction are when and how to stop abuse.
Senders want some standards. Internet access services want
total discretion, so being able to meet the needs of their
customers.
The answer? Well that is why I am posing the friction
points and then simply going to sit back and listen.
John
John Glube
Toronto, Canada
John
John Glube
Toronto, Canada
voice: 416-535-6366; mailto:john(_at_)learnsteps4profit(_dot_)com
private message: http://adcopy.quikonnex.com/
Discover How Anyone Can Get More Buyers
http://www.learnsteps4profit.com
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Seth
Goodman
Sent: August 16, 2004 7:06 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Good Domain List one step closer to
reality (actually two steps)
From: John Glube
Sent: Monday, August 16, 2004 12:00 AM
Seth -
Community operated blacklists give me all the reputation
information I need for free. Accreditation doesn't offer me
anything of value.
Receivers don't have to pay to access information received
from accreditation services.
This means any receiver can use this information if they
wish to augment other available sources to determine the
trustworthiness, or lack of trustworthiness of a
particular sender.
For example, if the accreditation service uses a listing
concept to outline specifically the sender's policies, a
receiver can use this information to make decisions based
on their own local policy as to what steps it wishes to
take in dealing with a message received from sender
accredited by this service.
Promises to follow policies are not of any value unless you have
an
actual contract between sender and recipient. Only a reputation
rating
based on past history has any real value for the recipient. Even
then
it is questionable, as businesses can change their name, status
and
corporate charter faster than anyone can keep up.
Anybody whose business it is to accredit email senders
where such accreditation is in both parties mutual interest
is, in fact, a conflict of interest.
You are stating since senders are paying the bill,
therefore the accreditation service will be biased towards
senders as opposed to receivers.
This is based on a presumption which is not correct.
For an accreditation service to have any value, the fact
senders are paying the bills must in and of itself have no
bearing on how the accreditation service operates.
I will flatly state my position on this: follow the money. It's
very
simple but it still appears to be the best predictor of outcomes.
A
financial conflict of interest is inherent in the sender-pays
concept.
This amounts to industry self-regulation, which has proven not to
work
in many settings. The worst part about it is that only the
largest
players benefit from this structure. The small-fry don't get any
special favors but still have to pay.
I would expect that a sender-financed accreditation service to
meet the
needs of recipients as well as a Chamber of Commerce does for
consumers.
I wouldn't expect to get an honest answer from a Chamber of
Commerce as
to the reputation of any of its members, nor would I trust any
sender-funded accreditation service.
How do you establish:
* the review criteria before acceptance;
* the standards of performance by senders;
* the criteria for punishment; and
* how that punishment is meted out?
Other questions include:
* Do you establish a board of advisors?
* If so, what should be the role of this board and who
should be on this board?
In answering these questions, one has to ask the receiving
community for comment, input and guidance since this is the
community which will receive the benefit of the service.
This is all very thoughtful, but it doesn't change the basic
financial
imperatives, with the final result being ...
Of course, receivers can decide despite all this, we don't
trust these folks.
We think they are in the pay of senders and we will not use
their service no matter what they say.
That is historically what people have found to be true. It is
driven by
the fact that when there are competing priorities, people will
most
often act in their financial self-interest. The nature of our
present
economic system drives people to heavily favor short-term
benefits,
which exacerbates the situation.
My response?
If this is the general consensus then it is back to the
drawing board. What has been done incorrectly and what is
needed to rectify the situation.
Of course some people will simply decide they have no
interest in using such a service no matter who is involved
and how it is set up.
If it's financed by senders, I'm afraid that is what you're up
against.
The difference in viewpoints between bulk senders and recipients
is so
different as to be irreconcilable. Bulk senders typically find
blacklists to be arbitrary, punitive and unfair. As a recipient
and an
engineer, I find that blacklists have become increasingly
accurate and
responsive. Bulk senders want a well-defined system that
resembles due
process. Recipients prefer immediate halt to abuse, which
precludes due
process. In a typical adversarial relationship, eventually the
two
parties might benefit from cooperation. However, in this case,
the bulk
senders have nothing that recipients want, so there is no basis
for
cooperation.
--
Seth Goodman
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in
Atlanta features SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate
your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 11/08/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 11/08/2004