Saturday, June 09, 2007

Email blackmail is unnecessary

From Slashdot:
Under the guise of fighting spam, five of the largest Internet service providers in the U.S. plan to start charging businesses for guaranteed delivery of their e-mails. In other words, with regular service we may or may not deliver your email. If you want it delivered, you will have to pay deluxe.

It's tempting to think that such schemes, although distasteful, are necessary to fight spam. They are not.

A good reputation system can be used to provide reliable delivery to high-volume, non-spamming senders, and it can be done without punishing non-profits, mailing lists, startups, or others who can't afford to pay extra delivery fees.

How does that work? Brad Taylor of Google published a paper about the Gmail reputation system, which is quite effective (pdf or html).
... spammy domains get nicely clustered around a reputation of zero. We know these domains are spammy because if our users disagreed with us, they would unmark spam on them and the reputation would no longer be zero. Nonspam domains are more loosely clustered in the 90-100 range. There ends up being a smattering of domains in be- tween. Many of the messages in the in-between category are from legitimate bulk senders, and the lower than 90 percent reputation is a reflection of less-than-ideal sending practices. But not all bulk senders are the same. Some have very high SPF and DomainKey reputations. For example, eBay's DomainKey reputation is 98.2, enough to be whitelisted by Gmail. This is the "holy grail" of bulk sending, and it is all done without requiring any payment or extra effort on the part of the sender other than just having good mail hygiene.

Unfortunately Google does not currently publish this reputation information, though I'm hopeful that they will eventually. (but I know that the team there is already hard at work on a number of other important projects)


coop said...

Reputation systems will only be of particular use for domains with SPF / SenderID records, though.. because otherwise joe-job spam will get through. Unfortunately SPF / SenderID penetration is extremely low (I can't complain though.. I only use it on one of my own domains).

Jonathan said...

My experience using gmail suggests otherwise.

Paul Buchheit said...

coop, read the Google paper.

Justin Mason said...

Speaking as one of the SpamAssassin developers, we'd love to hook into any kind of reputation data Google would eventually publish. Right now, there's lots of these proprietary reputation systems out there, but as yet the only publicly-available ones are the venerable old DNS blocklists we've used since forever, which is a shame.