more on Yahoo, AOL, Goodmail and IP]

[Dave Farber <dave () farber net>]

-------- Original Message --------
Subject:        Re: [IP] Yahoo, AOL, Goodmail and IP
Date:   Wed, 08 Feb 2006 14:17:55 -0800
From:   Dave Crocker <dhc2 () dcrocker net>
Reply-To:       dcrocker () bbiw net
Organization:   Brandenburg InternetWorking
To:     dave () farber net
CC:     ip () v2 listbox com
References:     <43EA6390.6080202 () farber net>



Dave Farber wrote:
> I would not pay. I woud tell IPers to get another isp djf
> From:     Cindy Cohn <cindy () eff org>
>
> I blogged a piece about the recent decision by AOL and Yahoo to use  the 
> Goodmail system that might be of interest to IP. EFF will be  doing more 
> on this topic, but we wanted to start the discussion.


Dave,

Without commenting on the particulars as they relate to Goodmail -- especially 
since I am on the advisory board for Habeas, a competitor -- leet me note that 
public discussion is largely missing the nature of the current Internet mail 
realities and the nature of the ways we can deal with them.

There are two articles in the current issue of the Internet Protocol Journal 
<http://cisco.com/ipj>, of which I wrote one, that provide some useful 
background about this reality.

Simply put, Internet mail needs to sustain spontaneous communications -- that 
is, communications without prior arrangement -- and the benefit of such a 
capability is fundamental. However the scale and diversity of the modern 
Internet now includes many folk who the security geeks appropriately call Bad 
Actors.  We are stuck with these competing points:  Maintaining open contact, 
but dealing with some very nasty users.

A great deal of very good work has been done, to detect these bad actors and 
their bad messages.  Often, that work is quite helpful. In spite of this the 
total amount of global spam and email abuse has yet not gone down.  We must 
continue with efforts to detect and deal with Bad Actors, but there is a 
separate path that is at least as valuable:

    We need methods for distinguishing Good Actors.  Folks who are deemed
    "safe". In effect, we need a Trust Overlay for Internet mail, to permit
    differential handling of mail from these good actors.

In general terms, a trust overlay requires reliable and accurate identification 
of the actor and a means of assessing their goodness.  In other words, 
authentication and reputation.

We are already pursuing a standard for message transit handling authentication, 
through Domain Keys Identified Mail (DKIM).  See <http://dkim.org>.  There is 
discussion about various assessment standards for reputation and accreditation. 
Although DKIM is quite viable in its pre-standards form, there is no candidate 
for standardized reputation reporting.

With all of this as background, imagine that you are an online service that 
needs to ensure that a customer order confirmation, or an equivalent critical 
transaction message, is delivered to the customer.  Then imagine that you are 
offered a means of safely and reliably identifying this specific class of mail, 
so that it receives differential handling.  The incentives for a company to pay 
to ensure that delivery are substantial.

And that is what the recent announcement is about.  It concerns a means of 
ensuring delivery of "transactional" mail.  This is quite different from 
"marketing" mail and it is not in the least controversial.

I would greatly wish that the mechanisms used open standards, but the basic 
model of developing a trust-based overlay for Internet mail seems an essential 
enhancement.

/d

--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/