Folks
On the whole issue of reputation and accreditation, Meng has
put up a good set of visuals here:
http://spf.pobox.com/aspen.html
This helps to explain what is going on in general terms and
is a useful read.
GOSSiP can fulfil the reputation side of the equation. The
problem is for those who have no reputation.
Establishing a 'good' reputation takes time and depending on
volume levels may simply not happen for an extended period.
With no reputation, depending on local policy your email
will most likely be subject to filtering.
It is correct that real time block lists like Spamhaus
provide a good measure of accuracy as to spam sources and
rejection.
However, this does not address the recipient's need for
content filtering even if the message does not come from a
known spam source.
If delivery is mission critical for your online business,
then business owners need a solution.
I appreciate many folks consider this a necessary evil at
best and something else at worse.
In the online community, email has become an almost
immediate means of communication at very minimal cost.
However, this lack of friction has in part lead to the
present problems with UBE.
Over the years, there has been lots of discussion about
e-postage and so forth. However, these schemes have been set
aside for the moment.
Why? I suggest if you have not done so, please read the
FTC's Feasibility Study on A National Do Not Email List.
http://www.learnsteps4profit.com/dne.html
See in particular the first 12 pages of the report, along
with the interviews conducted with the 3 computer scientists
retained by the Commission to provide guidance and the
related interview.
What seems workable within the near term based on everyone's
analysis of the situation is sender authentication as one
peg and reputation as the other peg, with accreditation
being used by those who fall in the grey area between good
and bad.
On the reputation side GOSSiP and CLOUDMARK seem to be good
free alternatives.
I write seem to be only because in the case of GOSSiP were
are not yet out of the box and in the case of CLOUDMARK this
is a Sender-ID based implementation.
Neither solution has been field tested. We don't know
whether they are scaleable.
On the accreditation side, if people can come up with better
solutions, great.
However, a lot of people have looked at this whole problem
for quite some time. Extensive research was done by the Anti
Spam Research Group prior to MARID being established and the
sender pay model from all of the research I have read is the
consensus as the best approach.
A lot of folks are concerned this penalizes the micro
business owner in favour of large businesses.
Some people have gone so far to speculate this whole
exercise (being industry self regulation as opposed to
banning UBCE) was designed to squeeze the micro business
owner out of the email industry and leave it to the fortune
1000 companies.
I have no reason to believe this.
Others have suggested it will never work, involves conflict,
receivers have nothing to discuss.
Well if one believe anyone who is in business and uses email
is a spammer than yes this is true. But this is simply not
the reality.
What is self evident from the comments made on this list and
elsewhere is that:
* Receivers need to filter. Some sort of solution is
required for the micro business owner, who complies with
best practices and for whom email communication is mission
critical, so that receivers can protect their networks while
letting 'trusted,' 'accredited' or 'vouched' mail can pass.
* Some receivers are hostile because they are concerned this
may mean a loss of control over their networks.
The solution needs to be workable, viable and does not form
unrealistic barriers to entry or continued participation.
We are now in the SPF implementation phase.
This is why I came forward to this list and asked for
comments and input for which I am grateful. Further comment
is appreciated.
Curious, does anyone know how many SPF records were
published today?
John
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 11/08/2004