I've often wondered if it was practical to create a list of "Certified
Non-Spammers." If you think about it that's what AOL is doing, but in
their case it's for private use.
There could be a short list of requirements, testing by the non-profit
organization that manages the list, and then a DNS lookup database that
so many are so fond of that keeps the list. It seems to me that most of
the tools are available and automated. I think it's something 2-3
"good" people could get off the ground fairly quickly.
There would probably have to be a fee to be tested and listed, although
I don't imagine it would have to be too much. I don't think you'd want
to charge to use the lookup service. Perhaps AOL would contribute to
getting it started, since there would have to be savings to them if it
was done right. And there are others, not just AOL, who would benefit.
In the case of AOL, this wouldn't eliminate everything they do, but
having a legitimate, independent third-party manage the "whitelist" has
to be a good thing, at least from a perception/PR point of view.
On Mon, 30 Apr 2001, Tom Neff wrote:
Date: Mon, 30 Apr 2001 08:02:36 -0400
From: Tom Neff <firstname.lastname@example.org>
Subject: we aren't the enemy, but it's hard to prove it
The problem at the core of the AOL thing is one that comes up again and
again here: It is asymptotically hard to distinguish between a legitimate
mailing list and a spammer. In Nature Channel terms, we are the ungainly
host species which they cleverly mimic in order to snatch prey. The
characteristics that really do tell us apart or SHOULD tell us apart - (1)
that recipients voluntarily joined and are expecting our list mailings, and
(2) the senders are traceably real and uncloaked - are nearly impossible
for an MTA to confirm automatically. And if there were a magic cookie you
could include to ensure safe passage at, say, AOL, it would instantly be
exploited by spammers.
Nevertheless, as managers of mailing lists holding many thousands of AOL
members, we should try to come up with something that works. It's gonna be
hard to do this in a way that can't be exploited though.