On 2011-05-12 at 15:47 -0700, Murray S. Kucherawy wrote: [ quoting Phil Pennock: ] > > So this just means that, for whatever "certification" organisations > > altn.com is using when assessing via VBR, you haven't paid one of them > > to be included. > > Right, and I agree it's not a concern unless someone you really need > to reach implements VBR in some foolish manner. Not a cause for > alarm, at least not yet.
[ This is veering off-topic for exim-users, so ideally we'd use a different forum, but I'm not aware of a good mail-policy discussion forum for longer-term thinking, so I'll continue here for now, in the hopes that this remains constructive ] If absence from a VBR list ever becomes a significant cause for concern by postmasters then Internet email will have become a system where we have to pay third party gatekeepers for permission to mail each other privately. I sincerely hope that this is never the case. So if the absence becomes a cause for alarm, then that fact should be a cause for meta-alarm. I can see an approach of "well, you don't use VBR for pre-established contacts, only for new contacts" but that allows for third-party tracking and analysis of who talks to who, when contacts are set up, which is itself a cause for alarm in any privacy-conscious culture. Further, I predict that this itself would be the inch given that leads to a mile taken, after which the lobbying organisations who specialise in running third-party assurance providers would lobby in some major jurisdictions to make the receiving postmaster liable for the consequences of spam received if it wasn't vouched for, which effectively kills off all non-VBR usage. Given the track record of the PKI for TLS, it's clear that serious lobbying and standards-body-control is used to pressure towards standardising on only one body being able to vouch for a given communication and attempts to change that are diverted into privacy-compromising solutions, such as "have the web-browser send the server a list of all trusted CAs". I don't see any serious good coming from widespread deployment of a system which makes third party organisations be global gatekeepers of private communications. Local gatekeepers, such as paying an ISP or a mail specialist provider or anti-spam service provider, these work well (and Cloudmark is successful here, I believe?). But scaling control infrastructures up to national or global levels is a fundamentally bad plan. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
