At 05:23 PM 2/9/2007 +0100, Alex wrote:
Anyway, we seem to drift further and further away from the true topic
of this list: fighting email forgery using SPF. I think we should not
continue to define semantics of spam, uce, ube, "une" and such here.
I'll agree with that, but I'm would like to hear more discussion on the
proposal that we should have a special category for SCE (or whatever we
want to call it). Discussion of reputation systems is a bit outside the
scope of SPF, but I believe the topic is relevant to SPF, because the true
value of SPF will only be realized when it is used in conjunction with a
reputation system, and the needs of reputation systems should influence
further development of SPF.
My initial opinion is that opening up a special category for SCE will blur
the line between spam and ham, and that *any* legitimate sender can avoid
getting near that line by simply sending a clearly-worded confirmation
email before adding an address to their list. That will take care of the
broker who sincerely understood that I had requested more "information".
There is still the practical problem that Stuart detailed at the start of
this thread. How can an automated reputation system deal with legitimate
senders of SCE (e.g. amazon.com)? My initial thoughts are that it can't be
automated, at least not for senders just getting started. Established
senders of SCE should have no difficulty *maintaining* a good reputation,
because any lowering of that reputation should be based on human feedback,
and there will be plenty.
New senders of SCE will probably need the help of an accreditation service,
or perhaps a "voucher" from their ESP or trade association. Or they can
simple relay their mail through their ESP's server, and rely on that ESP's
reputation to ensure delivery. Any of these options can be implemented in
a reputation system without establishing a separate category or procedures
for SCE. The accreditation service is treated the same as any rating
service, and will lose its credibility if it is not careful. Vouchers
simply say "treat this email as if it came from us". The vouching ID can
then be held responsible. Relaying requires the least change in status
quo. I am not aware of any deliver-ability problems in mail I have sent
via my two relays - yahoo.com and controlledmail.com. (I have not tried
any mass mailings, however).
-- Dave
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735