ietf-asrg
[Top] [All Lists]

[Asrg] Opt-out lists and legislation

2003-03-10 14:01:02

This is one of the issues that I think needs to be addressed if legislation
against spam is enacted.

A review of the Nixon vs Blastfax decision suggests that even the current
anti-junk-fax laws might not survive supreme court review (particularly with
this shower). In particular there is an argument to be made that a blanket
ban on unsolicited faxes is not the most narrowly tailored remedy. I
consider the court's other opinions to be spurious but I suspect that even
if the narrowness issue works for junk fax it is unlikely to work for junk
email.

There are currently two camps, anti-spam campaigners wanting a blanket ban
with no opt-out list and the DMA which wants to kill the competition from
spam but not by setting a precedent that could affect their members.

The problem with opt-in for anti-spam campaigners is that the spam senders
get a ready made list of people to spam. So the legislative trick to finesse
this is to have an opt-out list that can be used to check to see if someone
has opted out but not to see how to email them.

This requirement is met by a one-way function, as I have previously observed
(and published in a very prior-art sense) in 1995 or so. There are a bunk of
tweaks that can be applied to make processing more efficient but the upshot
is that anyone can check against the list without the list being a source of
spam addresses.


My view on the legislative issue is like the view of everyone else on this
list, completely irrelevant. If congress decides to take the issue up they
will. There are very good law enforcement reasons for taking action on spam,
precisely because the activity it is supporting is already largely illegal.
It makes sense to criminalize their accomplices too.

Another effect that legislation can have is to provide safe harbor against
vexatious injunctions intended to keep a spamhaus in business a few weeks
longer while they try to get a new feed.


One side effect of a canonical opt-out list would be that it would expose
the false nature of the click here to opt out links.

                Phill

-----Original Message-----
From: Justin Mason [mailto:jm(_at_)jmason(_dot_)org]
Sent: Monday, March 10, 2003 2:42 PM
To: Vernon Schryver
Cc: Asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Lets Fix Mailing Lists


On Mon, Mar 10, 2003 at 11:05:03AM -0700, Vernon Schryver wrote:
From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>
I've repeatedly pointed out reasons why that is not just 
possible but
quite likely.  Contrary to spammer fighter religious dogma, many
(but certainly not all) spammers care very much about receiving
"bounces" and "removes."  Many spammers honestly think that letting
their targets opt-out is the right thing to do.

In that case, things have changed a lot since April 2002. 

      http://www.ftc.gov/opa/2002/04/spam.htm:
      In another initiative, Netforce partners tested whether "remove
      me" or "unsubscribe" options in spam were being honored. From
      e-mail forwarded to the FTC's database, the agencies culled
      more than 200 e-mails that purported to allow recipients to
      remove their name from a spam list. The agencies set up dummy
      e-mail accounts to test the pledges, but discovered that the
      vast majority of addresses to which they sent the requests
      were invalid. Most of the "remove me" requests did not get
      through. Based on information gathered by the Netforce, the FTC
      has sent more than 75 letters warning spammers that deceptive
      "removal" claims in unsolicited e-mail are illegal.

--j.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg