From: "Ian Peter" <ian(_dot_)peter(_at_)ianpeter(_dot_)com>
I want to express concerns about the need to handle reputation
very well, and a strong concern that, until something is in place
and thoroughly communicated to domain holders, we should not rely
on it in a major way. Any scheme that relies on small domain
holders and small systems finding out about it (such as by
reading this list??) and then actually doing something is asking
for serious trouble
But with a reputation system, it's up to the recipient to choose nodes that
are most compatible with his own philosophy on mail. There is no "central
database" - that is the whole point. Users choose their own providers of
reputation records, and also choose how much to believe them.
Small domains sending small amounts of mail will get their reputation as
time goes by and the volume of their mail accumulates. In the early stages
of their existance they will not have a "bad" reputation - they just won't
have a reputation at all, and the recipients can filter the mail in the
usual way - spf and spamassassin in my case. :-)
There's no single system that's going to fix the problem, but it looks very
optimistic for the mix of a reputation system like GOSSiP, plus SPF records
to avoid forged mail, and server-side filtering like spamassassin.
Slainte,
JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492