----- "Steve Atkins" <[email protected]> wrote: > > On May 26, 2009, at 3:36 PM, Franck Martin wrote: > > > I'm curious to see if the feedback loop mechanism could be extended > > using DKIM. The concept may have many issues, but I want to see if > > it is a stupid idea, or if it would have some merit. > > > > The system would be for the sender to include in the dkim mechanism > > an FBL-email: header wich would tell the receiving mail system where > > to send an ARF email if the recipient hit the spam button. > > > > This would provide a mechanism similar to FBL but allowing small > > receiving mail systems to participate. > > FBLs as currently implemented don't work very well except for webmail > and AOL, because there's no UI support for it elsewhere.
It is also very heavy to have a FBL program this is why only a few ESPs offer feedback loops. I'm not sure it is something feasible for an organisation with a substantial number of users, like universities or small ISPs. > > Without some sort of MUA support, I think it's pretty much a non- > starter (though there are a bunch of startups and projects that > disagree with me and try and do similar things by annotating the email > itself at the MX). Yes there must be MUA support. So what will come first, the chick or the egg, the protocol, or the mua support? ;) > > Are you thinking that this would be something that could be handled > by, for example, an Outlook or Thunderbird plugin, without necessarily > needing any support from the receiving ISP? Yes this is definitively a possibility. There is a spam button in many Mail clients , code could be altered. In webmail, this could be better handled by the server, in some mail clients like zimbra, the spam button send a copy of the message to the learning engine on the mail server. > > > I think some stats show that 30% of people hitting the spam button, > > really means, unsubscribe me from this mailing list. > > > > Also, mail footers with remove links, are either not read or are not > > trusted by the recipient, I think, it is safer to hit the spam > > button, than to click on the links. > > The List-Unsubscribe header is nearly as trustworthy as a DKIM signed > FBL-Email header as far as communicating a desire to receive no > further email is concerned, and it's been around forever, yet there's > not been that much MUA support for it so far. I'm not sure whether > that's because of a lack of desire or just due to the overly vague > specification of List-Unsubscribe and friends. > The trouble with the List-Unsubscribe: is that it usually contains an URL and no mail client understand this header and it could be faked. > > > > By sigining the FBL-email: header it would give a certain level of > > trust, that there is a mailbox at this address and that the mailbox > > has been set to process ARF emails. The FBL-header must be DKIM > > validated, otherwise it would not be helpful at all. > > Presumably there'd be some constraint to prevent a (DKIM-signing) > spammer putting some random third party email address in there too. Yes, but DKIM would bring better trust than a non validated List-Unsubscribe. Beside if you have allowed the email to come in, despite the reputation around the dkim domain, I think you can trust in the same way the email to send the report to.
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
