[domainrep] Reinventing opt-in, message streams, reputation as abidance
Alessandro Vesely <vesely@tana.it> Sun, 17 October 2010 14:38 UTC
Return-Path: <vesely@tana.it>
X-Original-To: domainrep@core3.amsl.com
Delivered-To: domainrep@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4B17E3A6AF6 for <domainrep@core3.amsl.com>; Sun, 17 Oct 2010 07:38:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.636
X-Spam-Level:
X-Spam-Status: No, score=-4.636 tagged_above=-999 required=5 tests=[AWL=-0.517, BAYES_50=0.001, GB_I_LETTER=-2, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uULILz1XFjUs for <domainrep@core3.amsl.com>; Sun, 17 Oct 2010 07:38:32 -0700 (PDT)
Received: from wmail.tana.it (www.tana.it [62.94.243.226]) by core3.amsl.com (Postfix) with ESMTP id 0987B3A6A5E for <domainrep@ietf.org>; Sun, 17 Oct 2010 07:38:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tana.it; s=test; t=1287326390; bh=VbO2HOedBIldEcxaDBJ65G3kDOYC8HtH4bJc77Vq5jw=; l=3608; h=Message-ID:Date:From:MIME-Version:To:Content-Transfer-Encoding; b=gKFB9AMAk9O/XivhiJVRcV0QpW+EdU3sxkYlwzhf1L1Ocn3iQhT6Sy7RsmFEeauAR coZnh9PsP+Nu5w3+QycEvfM3TLjlMRWZzxFGuQEEhdov66icBa2hD00zc+iTguDCkY juMbnot/mEDoizXlLeqzNEngxm/SQF9Jk8uwDqwk=
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Sun, 17 Oct 2010 16:39:50 +0200 id 00000000005DC039.000000004CBB0AB6.00004F47
Message-ID: <4CBB0AB6.8080907@tana.it>
Date: Sun, 17 Oct 2010 16:39:50 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20100915 Lightning/1.0b2 Thunderbird/3.1.4
MIME-Version: 1.0
To: domainrep@ietf.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [domainrep] Reinventing opt-in, message streams, reputation as abidance
X-BeenThere: domainrep@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Domain Reputation discussion list <domainrep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/domainrep>, <mailto:domainrep-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/domainrep>
List-Post: <mailto:domainrep@ietf.org>
List-Help: <mailto:domainrep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/domainrep>, <mailto:domainrep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Oct 2010 14:38:34 -0000
Hi all, I wonder if this issue may be part of domainrep, as an intermediate step toward collaborative domain reputation tracking. As concisely as I can, the issue is as follows: To modify usual opt-in mechanisms so as collect and share evidence about subscription requests. This revised opt-in mechanism is to be standardized and applies equally well to mailing lists, newsletters, and bulk email of any kind. The rationale should be self evident, especially considering that opt-in is mandatory in some countries --how can it ever be enforced if accuseds can only produce their own word? More reasons below, including why opt-in may be relevant for domain reputation. *message streams* List Domain Signing Practices have been aired on the DKIM mailing list, hypothesizing possible relationships between the domain in List-Id or List-Post header fields and the d= tag. Perhaps, that idea has to be revised, as newsletters don't often sport List-* fields. I think we agree that it is fairly easy to mechanically identify whether a message belongs to a given message stream. For opt-in purposes, we need a statement that identifies a given list with a specific message stream. *why would MLMs change their behavior*? This opt-in revision provides a receipt that a sender can use to respond to any charge of illicit sending, including abuse reports. Perhaps, this is more of a relief for newsletters than mailing lists proper. By cooperating with target MTAs, mailing lists can provide a better user experience, e.g. by avoiding vacation messages, easier delivery to specific folders and whitelisting. Reasons why subscribers or MLMs may want to keep subscription data as secret as possible may originate from fear of discrimination, or commercial competition concerns. Divulging data to reputation trackers is not strictly necessary, in case such issues cannot be overcome. *reputation as abidance* A receipt --the evidence that a user opted in-- is a very interesting piece of data. Adding them up results in the number of subscribers. Weighting that with the number of dubious deliveries can lead to determining a fairly good reputation measure, ranging 0 to 1 as Nathaniel said it should. What is a dubious delivery (DD)? Obviously, a delivery of a message that belongs to a list stream that the recipient hasn't subscribed to. DDs can be detected by MDAs even with no human intervention: That's what makes the resulting measure fairly good. At 100% adoption it would be exact. Note that a sender doesn't have to be scored 1.0 to be whitelisted. A reasonable amount of "auto-subscriptions" can be tolerated, and users may be required to confirm them within a few DDs. Bad guys can game such systems by creating huge sets of fake subscribers, so that real DDs always weight low in comparison. However, each ADMD can track its own partial view of reputation, and possibly exchange it with others in its network of trust, as already discussed on this list. A rater can tell apart the good from the bad by monitoring automated feedback loops. *conclusions* Thus far, I've only spelled some requirements: ADMD's mail servers should be involved in certifying a user's subscription. We don't need a Global Mailing Lists Registry, but having some trusted raters would be a Good Thing (TM). Implementation could be as simple as signing subscription requests and adding some CCs, or provide for a full blown subscription management protocol. Would this fly?
- [domainrep] Reinventing opt-in, message streams, … Alessandro Vesely
- Re: [domainrep] Reinventing opt-in, message strea… Jeff Macdonald
- Re: [domainrep] Reinventing opt-in, message strea… Alessandro Vesely
- Re: [domainrep] Reinventing opt-in, message strea… Jeff Macdonald
- Re: [domainrep] Reinventing opt-in, message strea… Alessandro Vesely
- Re: [domainrep] Reinventing opt-in, message strea… Jeff Macdonald
- Re: [domainrep] Reinventing opt-in, message strea… J.D. Falk
- Re: [domainrep] Reinventing opt-in, message strea… Alessandro Vesely
- Re: [domainrep] Reinventing opt-in, message strea… Tony Hansen
- Re: [domainrep] Reinventing opt-in, message strea… John Levine
- Re: [domainrep] Reinventing opt-in, message strea… Tony Hansen
- Re: [domainrep] Reinventing opt-in, message strea… John R. Levine
- Re: [domainrep] Reinventing opt-in, message strea… Douglas Otis
- Re: [domainrep] Reinventing opt-in, message strea… Jeff Macdonald