Dave Crocker of Brandenburg Consulting wrote a message today to Dave Farber’s “Interesting People” mail list in which he made the following observation:
We must continue with efforts to detect and deal with Bad Actors, but there is a separate path that is at least as valuable: We need methods for distinguishing Good Actors. Folks who are deemed “safe”. In effect, we need a Trust Overlay for Internet mail, to permit differential handling of mail from these good actors. In general terms, a trust overlay requires reliable and accurate identification of the actor and a means of assessing their goodness.
In other words, authentication and reputation.
Crocker is talking about screening for “good actors”: some test that distinguishes trusted senders from the rest (this is not necessarily equivalent to identifying “bad actors” because there may be a vast middle that is neither good nor bad). Screening mechanisms are one of the two categories of fundamental mechanisms for dealing with hidden information problems, the hidden information in this case being the sender’s private knowledge of whether she is a good or a bad type.
Part of a good actor screening mechanism, Crocker argues, is a reputation mechanism, which of course is fundamentally an ICD problem. He suggests that there is good progress on authentication mechanisms (he favors DKIM, to which he is contributing, but in his IP Journal article he discusses SPF, SenderID and other variants, too), but he believes that “there is no candidate for standardized reputation reporting.”
Final comment on Crocker: he points out that the Goodmail system that AOL and Yahoo! just announced they will use is trying to implement a good actor screening system by allowing good actors to buy higher class transit for their mail.
(Crocker, by the way, is one of the networking engineers who has been important to the development of Internet protocols since long before the Internet was a commercial, public platform. He was an area director of the IETF 1989-1993, and was one of the authors of early Internet email protocols 1978-82.)