On 24/Sep/11 01:30, John Leslie wrote:
Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
However, random junk easily sidesteps [filtering] rules. This brings
us back to opt-in with perhaps review of junk folders for strays.
That depends on how you define "opt-in"...
Technically, it's possible to gather opt-in confirmations and
whitelist the particular List-ID and MTA (though not trivial).
To gather confirmation stealthily is not only difficult, but also
questionable for what concerns the subscriber's consent.
If the service in question _participates_ in the opt-in, it could
provide additional "secrets" to check on incoming email.
The participation of the subscriber's MTA can significantly harden
opt-in practices. However, it requires a consent-exchange Internet
protocol for email users. That can allow MLMs to send list messages
using existing authentication methods, including SMTP AUTH. The
resulting "triple opt-in" can also feature
* an automatically updated list of subscriptions and redirections,
* actual possibility to erase or rectify each of them,
* easy verification of legitimate behavior,
* catching some illegitimate disclosures of addresses, and
* better anti-spam filtering by whitelisting legitimate messages.
Personally, I doubt it's worth the trouble for a researcher to try
to duplicate all the details of how ISPs do filtering today -- instead
one needs to invent rules of what "opt-out" _means_.
Since opt-out implies an initial set of addresses anyway, and such
addresses _must_ result from opt-in, it seems that while we want to
harden opt-in on the one hand, we want to weaken it on the other.
For a start, an opt-out request from a customer probably _doesn't_
mean you hunt down an unsubscribe process for any senders except
those with contractual arrangements (possibly through a clearing
Using SMTP AUTH, an MTA can reply "550 user opt-out" right after the
relevant RCPT TO. Consider that a participating MTA can subscribe
User-987654321(_at_)example(_dot_)com: it is not required to pass the same email
address when the same user subscribes to different lists, even if they
are managed by the same MLM.
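
The RCPT TO decision described in the last paragraph can be sketched as follows. This is an added example, not part of the original message, and it goes slightly beyond it by also recording an alias presented by the wrong sender (the "illegitimate disclosures" item in the list above). `ConsentRegistry`, its methods, the AUTH identities, the List-IDs and the second alias are hypothetical; the thread does not specify a consent-exchange protocol.

```python
from dataclasses import dataclass

@dataclass
class Subscription:
    alias: str         # per-list address issued by the subscriber's MTA
    mlm_identity: str  # identity the MLM proves via SMTP AUTH (assumed)
    list_id: str
    active: bool = True

class ConsentRegistry:
    """Hypothetical consent table kept by a participating receiving MTA."""

    def __init__(self):
        self._by_alias = {}
        self.disclosures = []  # (alias, unexpected sender) pairs for review

    def subscribe(self, alias, mlm_identity, list_id):
        key = alias.lower()
        self._by_alias[key] = Subscription(key, mlm_identity, list_id)

    def opt_out(self, alias):
        self._by_alias[alias.lower()].active = False

    def rcpt_to(self, auth_identity, rcpt):
        """Return the (code, text) reply to RCPT TO for an authenticated session."""
        sub = self._by_alias.get(rcpt.lower())
        if sub is None:
            return 550, "no such subscription"
        if auth_identity != sub.mlm_identity:
            # The alias was only ever given to one MLM, so any other sender
            # using it indicates the address was disclosed.
            self.disclosures.append((sub.alias, auth_identity))
            return 550, "alias not valid for this sender"
        if not sub.active:
            return 550, "user opt-out"
        return 250, "OK"

def demo():
    # Constructed data: one user, two lists at the same MLM, two aliases.
    reg = ConsentRegistry()
    reg.subscribe("User-987654321@example.com", "mlm-a.example", "list-one.mlm-a.example")
    reg.subscribe("User-123456789@example.com", "mlm-a.example", "list-two.mlm-a.example")
    reg.opt_out("User-987654321@example.com")
    replies = [
        reg.rcpt_to("mlm-a.example", "User-987654321@example.com"),
        reg.rcpt_to("mlm-a.example", "User-123456789@example.com"),
        reg.rcpt_to("other.example", "User-123456789@example.com"),
    ]
    return reg, replies

if __name__ == "__main__":
    for code, text in demo()[1]:
        print(code, text)
```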