Re: [Asrg] Opt-Out Notes: too complicated, ignoring history
> www.cauce.org/proposal, same place it's been for years
It's a well-known draft. And I usually do not like to criticize CAUCE; I
actually think it's one of the best anti-spam organizations, but you're
being too one-sided here.

The problem is that your proposal forces the same settings on
all users of the ISP and does not make any distinction on type of UCE. It
also does not solve the problem of when a user gave some company consent to
send emails about new MP3s and they begin to send him credit card offers,
for example, claiming full consent to send the user whatever they like, and
afterwards the company goes out of business and the email list is sold to another
company (as part of a merger process) and now they claim consent, etc.

What we need is a system to regulate the cases above, where some type of
opt-in happened but the company is not behaving properly, and along with that
regulate all those semi-legit businesses that buy "opt-in" email
lists from failed .coms. I'm not talking about trying to regulate
completely unsolicited email that is trying to send some fraud offer; these
we need to completely stop. Now as far as regulation, marketing is big
business in the US and they have powerful friends that will fight in court
any attempts to pass a law that allows an ISP to choose a unified policy for
all its subscribers, but if the system is such that the user can CHOOSE to opt in
or opt out on a per-user basis, they will not be able to challenge this kind
of law (though, I'm sure they'll try...).

I always try to find a compromise between different positions, and what you
saw in my proposal is such a compromise - it's complex, but it allows for
local control of opt-in preferences through the ISP (which can set a default of
opt-out of everything for its users) or directly by the end user, it allows for
some government regulation and has privacy issues dealt with as best as possible
(i.e. your email does not go outside your ISP, for example), as well as
using such encryption techniques that do not allow advertisers to sell
permission to email you to somebody else or use it for a different purpose.
I can't think of any other proposal that goes as far and has so many
options, which I believe should satisfy all sides. Yes, it's complex - most
of my proposals are; that is what I'm good at - finding good points in
different solutions and trying to combine them together to offer the good in
each while at the same time eliminating weaknesses that one particular solution
may have. You'll probably see this in my other proposals.

P.S. Keep in mind my opt-out proposal is not designed to regulate UBE; it's
designed to regulate opt-in and semi-opt-in marketing companies and only
those that operate under the law.

> > Where is the draft of it. Most banner proposals have had a number of
> > problems.
>
>
> Please keep in mind that the point of his proposal is to provide a spec
> for laws that want to provide server operators with a consistent way to
> provide notice to senders that they don't want UBE or UCE. As Hamidi,
> Compuserve v. Cyberpromo, and many other cases have established, server
> operators are quite entitled to tell unwanted visitors to go away.
>
> > 1) "Banner" implies they occur on connection, however you don't yet
> > know the policies of the target users until you get a RCPT command.
>
> The banner displays the policy of the server owner.
>
> Every ISP has terms of service, no ISP provides an unlimited unfiltered
> bit pipe to and from the entire rest of the world, and no ISP will receive
> an unlimited amount of mail for its users. It's perfectly reasonable for
> the terms to say that they don't accept incoming spam unless you pay
> extra, just like they say that your mailbox is only 10MB (or whatever),
> and if you want to get bigger messages than that, you're out of luck
> unless you switch to their higher priced service with bigger mailboxes.
>
> If for some reason a server owner wanted to sell a higher priced service
> for people who want spam, he could set up a subdomain with a separate
> server (most likely on the same physical equipment) that doesn't say NO
> UCE or NO UBE.
>
> > 2) There's no good way to deal with the question of legitimate relaying,
> > ie. MX records.
>
> The banners on a domain's MXes are the domain's policies. If a domain has
> more than one MX, it would be a good idea if they all published the same
> policy, but that's not a technical issue. Outgoing relays before the
> transaction to the MX or incoming relays after that transaction don't
> matter, since the MX is where the mail is handed from the sender's agent
> to the recipient's.
>
> I realize that you can construct scenarios where a mailbox on server A
> without a NO UBE policy is forwarded to a mailbox on server B which does
> have a NO UBE policy, but humans interpreting a law wouldn't have any
> trouble dealing with that; if the forward was authorized by the user on
> server B, it's solicited, if not, it's server A's problem to control his
> network.
>
> > All your MXs and other relays need to know the
> > preference of every _user_ they relay for, unless they relay only for
> > single-user sites.
>
> This is the "every user's entitled to receive all spam" fallacy again.
>
> > 3) Likewise, what do outgoing relays do? For many mails, the user sends
> > mail to an outgoing MTA, that relays to an MX, which relays to the
> > target MTA.
>
> That wouldn't be a good way to send mail that needs to obey a NO UCE or NO
> UBE policy. So don't do that. Every ISP I know of doesn't let you send
> spam through their MTAs anyway, so this would not be a change to current
> practice.
>
> > The only way to deal with this is to require the
> > outgoing user to label, so that the MTA which finally talks to the
> > final destination can know what to do if it's informed about a
> > policy after it issues the RCPT TO:
>
> Not at all. They could either listwash before sending the mail (we have
> sample code on the web site), or hire a mailing service that washes on the
> fly.
>
> This proposal does make it somewhat harder, but not overwhelmingly so, to
> send UBE or UCE to people who will accept it. I don't see that as a
> problem, since it pushes the cost of spamming back on the spammers. It's
> a content neutral (for NO UBE at least) time and manner regulation.
>
> This has the significant advantage over other proposals I've seen that it
> doesn't require any software work by the recipient server operators other
> than editing the server banner one time to add the appropriate text,
> something that is easy to do with all the SMTP servers I know.
>
> Regards,
> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
> "A book is a sneeze." - E.B. White, on the writing of Charlotte's Web
>
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
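
Added example, not part of the original messages and not the sample code the quoted text mentions: a sketch of the banner check and "listwash" step the thread discusses, where a sender reads the 220 greeting of each recipient domain's MXes and drops addresses whose servers announce NO UCE or NO UBE. The matching rule, the union over multiple MXes, dropping domains with no known greeting, and all names and sample greetings are assumptions constructed for illustration.

```python
import re

# "NO UCE" / "NO UBE" are the banner texts named in the thread. Matching them
# as whole words anywhere in the greeting is an assumption of this sketch.
POLICY_RE = re.compile(r"\bNO\s+(UCE|UBE)\b", re.IGNORECASE)
GREETING_RE = re.compile(r"220([ -])(.*)$")

def banner_policies(greeting):
    """Return the policies ('UCE', 'UBE') announced in one SMTP 220 greeting."""
    found = set()
    for line in greeting.splitlines():
        m = GREETING_RE.match(line)
        if not m:
            raise ValueError("not a 220 greeting line: %r" % line)
        found.update(tok.upper() for tok in POLICY_RE.findall(m.group(2)))
        if m.group(1) == " ":  # "220 " marks the last line, "220-" continues
            break
    return found

def listwash(recipients, mx_greetings, mail_kinds):
    """Split recipients into (keep, drop) for a mailing of the given kinds.

    mx_greetings maps a domain to the greetings of all its MXes. The domain's
    policy is taken as the union over its MXes, and a domain with no recorded
    greeting is dropped (both choices are assumptions, made to fail closed).
    """
    keep, drop = [], []
    for rcpt in recipients:
        domain = rcpt.rpartition("@")[2].lower()
        greetings = mx_greetings.get(domain)
        if not greetings:
            drop.append(rcpt)
            continue
        policy = set().union(*(banner_policies(g) for g in greetings))
        (drop if policy & set(mail_kinds) else keep).append(rcpt)
    return keep, drop

# Constructed sample data: greetings as they would be captured from each MX.
SAMPLE_GREETINGS = {
    "example.net": ["220 mail.example.net ESMTP NO UCE"],
    "example.org": ["220-mx1.example.org ESMTP ready\r\n220 NO UBE",
                    "220 mx2.example.org ESMTP"],
    "example.com": ["220 mx.example.com ESMTP"],
}
SAMPLE_RECIPIENTS = ["a@example.net", "b@example.org",
                     "c@example.com", "d@example.edu"]

if __name__ == "__main__":
    print(listwash(SAMPLE_RECIPIENTS, SAMPLE_GREETINGS, {"UCE"}))
```

The second domain shows the multi-MX case raised in the thread: only one of its two MXes announces a policy, and the sketch treats that as the domain's policy.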