As with all such networks, as this grows larger, the potential for problems also grows. Spamcop for instance has suffered greatly from a large number of anti-commercialism administrators or people that are just plain irresponsible reporting their spam, and a system like this represents a potential for problems of a similar type, where you are expected to trust an administrator without regard to the content of the messages, the protections that they have in place to prevent misuse, or even their honesty in joining in the first place.
There are many of us that have had issues with our customers spamming on occasion, and if you can't trust your own customers, why should you trust the customers of others over whom you have no control over. If these don't currently represent a measurable problem, then why apply a fix which might prevent a future spamming incident from being blocked?
I'm not against the idea of having some form of a registry, however the root of the problem is in differentiating among the gray stuff and not among the non-automated stuff. I find value in things like BONDEDSENDER, though to some purists, they view this as legitimizing large commercial spammers because their definition of spam differs from mine. Heck, Kami and I can't even agree on what spam is when it comes to this gray area stuff, and although I trust Kami's opinion on what he considers to be trusted senders, I wouldn't automatically trust his customers, or some list over which he is only in part involved in maintaining.
I'm much rather first create a concise definition for spam and a process for review, and then build a list of automated-mailers to trust and not trust, and share that list with a select group of trusted administrators to maintain, and allow other non-trusted administrators to make use of. The list would have to be IP based, and the people would need to be responsible and dedicated to the task, and share the same values, otherwise it would just become another Spews.
If someone can show me the value of crediting points to hosts which account for almost none of my mail volume, over which I have no familiarity with their rules and procedures, and for which I am not aware of any substantial problems, I will definitely reconsider my stance.
Matt
R. Scott Perry wrote:
How do the names get added to the list (or web-o-trust)?
By getting someone to trust them.
For example, we're asking that our customers let us know that they have set up a WOT file, and we add them to our WOT file, which a lot of people already trust.
It appears that companies say, "I'm not a spammer, trust me!" What keeps the spammers of the list?
Several things.
First is the limitations -- for example, if you trust us (that the IPs we list and the WOT files that we list are all "good"), but have a feeling that one of our customers may somehow include a spammer's WOT file, you can use "include http://www.declude.com/web-o-trust.txt 2", which will trust us (1) and our customers (2). But it will not trust IPs that our customers trust.
Second is "omit". If we find that somehow a spammer gets a WOT file that our WOT file trusts, we can omit it ("omit http://www.spammer_domain.com/web-o-trust.txt ).
But, it would be a real hassle for a spammer to do this -- they typically have lots of compromised servers that they would need to list, and would need to find someone to trust them. Even if they find someone to trust them, they won't have any idea how many people are whitelisting them (since many people will use the limits). Then, once they are caught, they will quickly be removed.
Of course, only time will tell how effective it really turns out to be. I think it has a lot of promise.
-Scott
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
