On Thu, 2004-09-23 at 21:36, Scott Kitterman wrote:
Right. But getting stuck on a RHSBL would be much worse. It wouldn't
matter what MSA you used. Your mail would still be blocked.
I am guessing that domain-based blocklists would have some sort of aging
algorithms, halflifes or other sorts of decays applied to reports.
People will get into those lists incorrectly, so the lists will have to
have some sort of way for domains to get out of them--or fewer
recipients won't use them because of false positives.
People stayed away from SPEWS way back when for just such reasons, and
folks use spamhaus and other pretty-trustable RBLs because of their
accuracy and low false positives.
If an MSA submits spam, shouldn't they be the one that gets shut down.
They accepted the message for submission.
I want to live in a world in which I can go to an email service
provider, set up an account, be completely protected from cross-customer
forgeries of both MAILFROM and PRA types(*), and yet still be able to
send out emails via that ESP even if they also have unrepentant spammers
as other customers, without worrying about being blocked based on the
ESP's outgoing IP addresses.
I think this world can come about, as spf and similar techniques become
popular.
IMHO requiring ESP's to be forever responsible for the content-based
actions of their customers is pretty extreme. I accept it for now, as
spf isn't popular enough to transition from IP-based to domain- or
email-address based blocklists, but I hope this to be a temporary
situation.
I'd prefer ESPs to concentrate on technical excellence, leaving
spaminess judgements, especially grey-area judgements, to the
end-recipients and the reputation and accreditation organizations they
trust.
(*) Still writing up an email on what I think that means.
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com