John Levine wrote:
[ Charset UTF-8 unsupported, converting... ]
Can you provide a legal citation? That would be really cool!
1. Blocking EMail based on DMARC policy is illegal per ?206 Abs. 2 Nr. 2
StGB.
2. Actually, even looking at rfc5322.From (rather than MAIL FROM:) for
the purpose of looking up DMARC policy records
is illegal per ?206 Abs. 2 Nr. 1 StGB.
3. Any DMARC-triggered reporting about forwarded emails is also illegal
per ?206 Abs. 1 StGB and ?88 TKG.
If that's true, how can spam filtering be legal? The phrase "without
authorization" is pretty elastic, and all the ISPs I know consider themselves
authorized to mange user mail any way they want.
"without authorization" is a quite well-defined concept in telecommunication
legalese in Europe. Only the sender, and the recipients specified by the
sender are authorized. The telecommunications service provider is NOT
authorized, and neither is an employer.
SPAM filtering MUST be implemented as voluntary opt-in, otherwise it will be
illegal, as you correctly notice. Spam-filtering can only be legal when
it is performed strictly on behalf of the recipient, the receipient is
in full control over the behaviour all the time, and the blocking or
deletion of any messages is performed with explicit and voluntary
(i.e. condition-free) consent of the receipient himself.
A preselection to tag Mails as potential spam or to store potential
spam in a second inbox might be permissible, a preselection to block
or delete potential spam would certainly be illegal.
-Martin