John Levine
johnl@iecc.com
Sun, 20 Apr 2008 12:57:13 -0400 (EDT)
> That might make it easier to use whitelists, but it does nothing > to solve the real problem, creating and maintaining those whitelists. Quite right. There are outfits working on creating whitelists, several of which are DAC members. > That gets back to the conflict of interest problem. Practically the > only sources of operating revenue for mail sender rating organizations > are senders of email. Practically the only email senders willing to > pay for a rating are those with natural reputations that need improvement. > Consider the history of consumer goods ratings organizations. However, if > you like the idea, consider Habeas or Ironport. Also Return Path, Goodmail, and perhaps Trade Micro. They all do indeed have to skate a thin line, listing people who are willing to pay, but not ones whose mailing practices are bad enough that the whitelist increases the amount of spam you get. > Would you trust that FDIC insurance implies an incoming mail message > with a valid DKIM signature is a bank statement instead of an > unsolicited bulk offer for a free credit card or brokerage services? No, but I'd trust that it was actual mail from a bank rather than a phish. > Such a mechanism might reduce phishing, but phishing has never been > the majority of the spam problem. Besides, judging from the little > spam I see, the phishing problem is much improved in the last several > months. You must be lucky. I'd say about a third of the spam that gets through the DNSBLs and is caught by spamassassin is phishes. R's, John