On Sat, Sep 18, 2004 at 09:54:54PM -0700, Anne P. Mitchell, Esq. wrote:
|
| Just a correction here - Habeas and Bonded Sender are *reputation*
| databases, not accreditation. To my knowledge IADB is presently the
| only true accreditation database out there (although almost certainly
| will not remain so for long).
|
OK, i think this is a sign that we really need to agree on
our terms :)
Here's the reason I think Habeas and Bonded Sender are
accreditation services: if you follow the money, senders pay
to be listed. Listing may require senders to follow certain
guidelines, but ultimately, listing in those systems is of
benefit to senders who might otherwise face difficulty
getting their mail accepted.
Certainly, all senders nowadays face difficulty getting
their mail accepted, but certain senders are particularly
concerned about deliverability because distinguishing their
communications from spam are a business priority.
Reputation systems, in my view, operate on behalf of
receivers, and do not require payment from senders to be
listed; if anything, receivers benefit from an agency
operating on their behalf, and so, again, if you follow the
money, you see receiving ISPs and enterprises writing checks
to sites like mail-abuse.org and spamhaus.org.
By my definition, accreditation services operate on behalf
of senders, and make assertions about future behaviour.
Reputation services operate on behalf of receivers, and make
assertions about past behaviour.
You get listed on SBL and MAPS based observations about past
behaviour.
You get listed on Bonded Sender based on promises about the
future.
Of course, past performance *is* a predictor of future
performance. Accreditation services may constantly audit
their customers, and yank their accreditations if they fail
to meet the promised standards. But that is a second-order
effect.
Here's what http://www.bondedsender.com/ says:
By joining Bonded Sender, senders improve deliverability
rates and differentiate their brand. ISP's and other
email receivers benefit by avoiding the risk of
inadvertently deleting email their users want and by
reducing the costs of managing a "whitelist" of senders.
Certainly both senders and receivers benefit from such a
service, because they're ultimately on the same side
fighting against spammers and the false positive problem.
But if receivers can query Bonded Sender for free, and
senders have to pay, I think their alignment is pretty
obvious.
Nowadays, in the absence of prior trust, receivers must be
skeptical by default. So, it seems to me that reputation
services must serve receivers and accreditation services
must serve senders. If a single organization tries to serve
both markets, it must construct a wall between departments:
the same wall that, in the media, divides editorial from
advertising. There the divide follows from "reportage,
serving the audience" vs "sales, serving the advertisers".
So, from the receiver's point of view, there are a number of
entities out there, each with a set of assertions about
senders. First, a receiver trusts the people it has paid to
trust: reputation services who objectively report past
performance about senders and perhaps offer a prediction
about their future behaviour. Second, a receiver may also
trust anyone it considers a good source of data: and
an accreditation service happens to be reputable, then it
gets included in the decisionmaking process. But that
doesn't make an accreditation service a reputation service.
An accreditation service may be an input to decisionmaking,
but it is still subject to a prior decision of what its
reputation is worth.
If we want to use different words to describe these things,
now's the time to choose them.