On Apr 10, 2013, at 6:26 AM, Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote: > On 04/09/2013 08:07 PM, John Levine wrote: >>> Quoting Nathaniel Borenstein [1]: >>> >>> "One man's blacklist is another's denial-of-service attack." >>> >>> Email reputation services have a bad reputation. >> They have a good enough reputation that every non-trivial mail system >> in the world uses them. They're not all the same, and a Darwinian >> process has caused the best run ones to be the most widely used. >> >> There seems to be a faction that feel that 15 years ago someone once >> blacklisted them and caused them some inconvenience, therefore all >> DNSBLs suck forever. I could say similar things about buggy PC >> implementations of TCP/IP, but I think a few things have changed since >> then, in both cases. > > There's an inherent problem with letting 3rd parties affect email traffic, especially when there's no way to hold those 3rd parties accountable for negligence or malice. Dear Keith, I share your ideals. Being able to authenticate domains SOURCING emails brings self administration of sources much closer to a practical reality. As stated in the pdf paper "Domains as a Basis for Managing Traffic", one hundred thousand domains control 90% of Internet traffic out of approximately 100 million domains active each month. The top 150 domains control 50%, and the top 2,500 control 75% of the traffic. This level of consolidation permits effective fast-path white-listing, where then dealing with the remainder is less of a burden. Let me assure you a third-party internationally offering services aimed at mitigating abuse either in the form of unwanted inundation of commercial solicitations that also affords the resources needed for protections against malicious code is not above the law. We have endured many law suits brought by those wishing to profit on their various endeavors against the desires of our customers. Truth is one of the first victims in the abatement process. As such, evidence of abuse must be incontrovertible. Authorization does not imply culpability any more than some signed message content independent of the intended recipient or the actual source. Evidence must not rely on statistical likelihoods. The stakes are far to high. Regards, Douglas Otis