<<< Date Index >>>     <<< Thread Index >>>

[IP] more on Yahoo, AOL, Goodmail and IP]





-------- Original Message --------
Subject:        Re: [IP] Yahoo, AOL, Goodmail and IP
Date:   Wed, 08 Feb 2006 14:17:55 -0800
From:   Dave Crocker <dhc2@xxxxxxxxxxxx>
Reply-To:       dcrocker@xxxxxxxx
Organization:   Brandenburg InternetWorking
To:     dave@xxxxxxxxxx
CC:     ip@xxxxxxxxxxxxxx
References:     <43EA6390.6080202@xxxxxxxxxx>



Dave Farber wrote:
I would not pay. I woud tell IPers to get another isp djf
From:     Cindy Cohn <cindy@xxxxxxx>

I blogged a piece about the recent decision by AOL and Yahoo to use the Goodmail system that might be of interest to IP. EFF will be doing more on this topic, but we wanted to start the discussion.


Dave,

Without commenting on the particulars as they relate to Goodmail -- especially since I am on the advisory board for Habeas, a competitor -- leet me note that public discussion is largely missing the nature of the current Internet mail realities and the nature of the ways we can deal with them.

There are two articles in the current issue of the Internet Protocol Journal <http://cisco.com/ipj>, of which I wrote one, that provide some useful background about this reality.

Simply put, Internet mail needs to sustain spontaneous communications -- that is, communications without prior arrangement -- and the benefit of such a capability is fundamental. However the scale and diversity of the modern Internet now includes many folk who the security geeks appropriately call Bad Actors. We are stuck with these competing points: Maintaining open contact, but dealing with some very nasty users.

A great deal of very good work has been done, to detect these bad actors and their bad messages. Often, that work is quite helpful. In spite of this the total amount of global spam and email abuse has yet not gone down. We must continue with efforts to detect and deal with Bad Actors, but there is a separate path that is at least as valuable:

    We need methods for distinguishing Good Actors.  Folks who are deemed
    "safe". In effect, we need a Trust Overlay for Internet mail, to permit
    differential handling of mail from these good actors.

In general terms, a trust overlay requires reliable and accurate identification of the actor and a means of assessing their goodness. In other words, authentication and reputation.

We are already pursuing a standard for message transit handling authentication, through Domain Keys Identified Mail (DKIM). See <http://dkim.org>. There is discussion about various assessment standards for reputation and accreditation. Although DKIM is quite viable in its pre-standards form, there is no candidate for standardized reputation reporting.

With all of this as background, imagine that you are an online service that needs to ensure that a customer order confirmation, or an equivalent critical transaction message, is delivered to the customer. Then imagine that you are offered a means of safely and reliably identifying this specific class of mail, so that it receives differential handling. The incentives for a company to pay to ensure that delivery are substantial.

And that is what the recent announcement is about. It concerns a means of ensuring delivery of "transactional" mail. This is quite different from "marketing" mail and it is not in the least controversial.

I would greatly wish that the mechanisms used open standards, but the basic model of developing a trust-based overlay for Internet mail seems an essential enhancement.

/d

--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/