Re: defining reputation and accreditation.
2004-09-20 01:35:43
Meng wrote:
First, a receiver trusts the people it has paid to
trust: reputation services who objectively report past
performance about senders and perhaps offer a prediction
about their future behaviour.
I am not aware of a single reputation service which reports objectively
on fact (I realize you didn't say on fact, I'm adding that in here).
In the case of blocklists, they all report on what *they* consider to
be acceptable or unacceptable, which is subjective, not objective. [I
will add here that at the time that I left MAPS, they were as close as
one could arguably get to reporting objectively about something which
was subjective by nature - in order to lawsuit proof a blocklist as
possible, the listing itself has to be based on something factual -
but even there the fact it is based on is "it doesn't meet our
criteria" - safer in terms of lawsuit risk, but still ultimately based
on something subjective (the criteria).
I think we'll always differ on the point of whether one can
successfully
sell reputation data and retain one's own reputation in the community,
but that's neither here nor there at the moment.
No, I don't think that's neither here nor there - I think that's very
salient to the discussion at hand.
Speaking from personal experience (with both MAPS and Habeas) it is
*very* difficult to *sell* _reputation data_ and still maintain
believability about your neutrality. It *is* possible to have that
neutrality - at both MAPS and Habeas, during the time just before I
left each, they were genuinely neutral and you could believe that the
reputations they ascribed to any given listee were accurate, not
money-driven (I emphasize "just before I left" because I cannot vouch
for either company now).
On the other hand, because accreditation and authentication databases
are not selling reputation - not selling a subjective judgement but
rather providing statements of fact, the question of neutrality is near
zero. Either a domain is authorized to send email through a particular
IP address or it isn't. Either all of the email coming from a
particular IP address is confirmed opt-in, or it isn't. Either they
publish SPF records, or they don't.
Anne
|
|