Hello,
I started off writing some nasty sarcasm here, but decided best
against it.
You see, I know about a non-profit organization that sends newsletters
via email to their members. One day not too long ago a good many of
subscribers could not receive the newsletter. The problem was that a
medium to large sized ISP decided to use a whitelist from a third party.
After contacting the company that ran the whitelist, it was determined
that it would cost about X amount per year to send email to members
that used the particular ISP. The non-profit organization would not
afford that in their budget, and the decision was made to simply ignore
the situation and "hope it ceased naturally".
(which indeed seems not to be an issue any longer).
But it was a troubling predicament for a moment.
The thing is, a large budget doesn't mean you are a bad guy, and it
doesn't mean you are a good guy.
The organizations that profit from running these lists could be concerned
with the good of all, or they might not.
Just because an organization pays X amount a year to get an SSL cert
digitally
and automagically signed (thinking of the cacert discussion which I believe
was on this list) doesn't mean that the members of that organization will
treat all collected customer data as they would their own information, as
they should.
With all the SSL badges and banners on shopping sites, the marketing
position is to create an appearance of legitimacy and security. However
the reality is that an SSL cert that cost a Pizza and a Six Pack is
exactly as
functional as one that cost 100 head of Swiss Cattle.
I honestly believe that setting up the condition of being in a "whitelist"
is just asking for trouble. And it has to upset many of those people that
put their own time and money into crafting our Internet, just for the
betterment of "X".
Please remember this Internet is all just a whim anyhow, regardless of
the utility realized by humankind.
Best Regards
Waitman Gobble
John Glube wrote:
Seth -
Just a follow up comment on one point, how can receivers
use the information provided by accreditation services?
The answer depends on one's perspective. If you hold the
view that since commercial usage of email leads to spam,
then you will filter all email for content and use a rating
criteria to ascertain whether a message is spam or not.
In this case one can apply ratings based on the standards
set by the accreditation service.
Accreditation services which require verified opt-in with
black listing for non compliance should logically give
these senders a significant benefit.
Accreditation services which only require unconfirmed
opt-in or a pre-existing business relationship with
financial penalties being imposed and loss of accreditation
based on certain criteria should logically give these
senders some minimal benefit, since there are some controls
being imposed on these senders.
On the other hand, if you hold the view that commercial
usage of email is not bad in and of itself as long as the
messages are sent with prior permission, then you will use
the information provided by accreditation services for
white listing purposes at the network server level.
In this case how does one respond to the different
standards? It is up to receivers.
From the end user's perspective, as a customer of an
internet service provider, I would suggest:
* Senders who comply with accreditation standards which
require verified opt-in and who are black listed for
violation can be white listed at the network server level,
with the end user then assessing content based on his or
her personal preferences.
* Senders who comply with accreditation standards which
don't require verified opt-in should not be white listed.
Why? By receivers drawing this distinction, it compels
senders to either use verified opt-in or have their
messages subjected to content filtering, albeit receiving
some benefit depending on the nature of the controls
imposed by the accreditation service and how receivers view
the value of these controls.
From either perspective, I suggest once verified opt-in
senders are able to establish a 'good' reputation, these
senders can if they wish, withdraw from the use of an
accreditation service and rely upon their 'good' reputation
to be white listed at the network server level.
This negates the concept that 'good' senders should have to
pay for email delivery. This requires wide spread
implementation of workable reputation services.
Unfortunately, we are not yet at that stage.
As to individuals who use domains for identity purposes
only and do not send bulk email, we are into a different
area.
There have been suggestions put forward of using free cert
services, one time fee only for accreditation, along with
restrictions on daily volumes. These may be acceptable
solutions. However, without a fully flushed out position,
it is hard to make any comment.
John
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 11/08/2004
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com