On 06/07/05, John Levine <johnl@iecc.com> wrote:
Shameless plug: over in the anti-spam research group at asrg.sp.am I sure would like it if people were working on reputation systems to plug the gaping hole left by all these authentication schemes.
Not sure if it's a "gaping hole," so much as an unfortunate fact that sender reputation is already proving to be even harder to standardize than how to confirm the identity of a sender. We can't have reliable reputation until we know who the mail is coming from -- so reliable identity is a necessary first step. Operationally, this means that ISP's can't yet abandon whatever reputation systems they already have in place (most of which are based on the source IP address, or on in-message criteria.) But they can (and should) start testing whichever verification scheme best fits their mail flow patterns, so that all of our internal reputation engines can start evolving. -- J.D. Falk blong! you are a pickle! <jdfalk@cybernothing.org>