Here are my updated notes on Opt-Out:
I. Use of Opt-Out
1. How far is opt out applied
a. To do global opt-out for all commercial email services
b. To do opt-out for some special email-list or particular types of email
2. Timing reference for opting out
a. For existing ones that already send you email and participate in
the system.
b. For future ones that may want to send you email
c. For certain period of time (when you're on vacacation)
and can not receive as much email
I could not yet formulate what is to be said in this section, please help!
II. How opt-out is delivered
1. Distributed lists which use some type of encryption to allow validation
of particular address but not see enter list.
Pros:
a. Opt-out lists can be easily cleaned up before the transmission
b. Distribution of lists can be controlled by tightly controlled
Cons:
a. Serious issues that the encryption technology maybe broken
later on and as such allow to get clear list of all opted-out
email addresses
b. Distribution lists can easily go sub-distributed and go beyoned
authenticated base and thereafter abused
c. Patents relating to the encryption technologies exists
d. Concerns about who and how will make opt-out lists and distribute
them
e. Concerns that opt-out lists will instead be used to verify if
email address in spammer database is real
2. Opt-out server. Here special service/server is made available to
legit bulk-mailers. Anybody wishing to check if the address is
opt-out or not can connect to that server and check
Variations:
2a. One unified service is made available by the goverment or icann, etc
2b. A number of special opt-out servers exist in parallel which
are used/run by different groups of commercial mailers
Pros:
a. Opt-out lists can be cleaned up before the transmission begins
b. Distribution of lists can be controlled by tightly controlled
the authentication means can be well controlled to not allow
distribution certain allowed list of entities
Cons:
a. Special opt-out verification protocol may have to be developed
b. Concerns about who and how will run opt-out service
c. Concerns that opt-out service will instead be used to verify if
email address in spammer database is real
3. Opt-out system maintained together with mail servers on per-domain basis.
Variations:
3a. Service made available as part of mail server, new command added
to SMTP to check opt-out preference of user on email server
3b. Service made available as part of mail transmission and is more
tightly integrated with actually sending email, i.e. email being
sent contains some preference for opt-out check and email server
can based on that return email back with proper error code
Note: to a degree this is what some filters already do ...
3c. Service made available through separate protocol to be run by ISP
on per-domain basis.
Pros:
a. An opt-out is controlled by mail server operator and not any
questinable central agency.
b. Depending on how system is implemented it maybe a lot harder to
actually gather list of valid email addresses (mail server
operator may choose to answer opted-out for any email address
that does not exist, for example)
Cons:
a. A new protocol (or extensions to SMTP) need to be developed
b. It maybe a lot harder to clean up lists before emailing
(maybe this this also good thing?)
c. If implemented as in 3a all MX servers (even backups) may need
to answer yes on question of opt-out, this created
implementation problems and seems unnecessary
4. Modification of Email address to show opt-out choice.
Variations:
4a. General opt-out choice recognized by everybody, which may
actually be some variation of mail service domain/subdomain
4b. Opt-in choice specific to particular situation or mailing list
example - email+list(_at_)domain(_dot_)com
Pros:
a. Very easy to implement and does not require new technology, 4b
is already actively used by many
b. Address itself shows optout choice, so spammers can not do
email address cleanup for purposes of finding valid address
Note: this is also a Con!
c. Opt-out choice is controlled by each individual user and not by
external entity (be it central agency or mail service provider)
Cons:
a. This generally requires us to use different email address then
what we already do, often even more then one. It does not address
issues with existing currently use email addresses (see
section I on what we want to do), this is a BIG Con.
b. Use of "special" email address may also be taken by spammers as
verification that email address is valid!
III. Enforcement of Opt-Out
Note: #1 and #2 below may well be done in parallel
1. Done by goverment by legislation to have all commercial email marketers
participate in some system or abide by specific protocol standards
Enforcement is afterwards left to courts
Pros:
a. There would be clear guidelines for commercial email senders to
follow and if they do not they will pay an actual price for it
b. Its a lot more likely commercial businesses will follow the law
Cons:
a. This maybe problematic when considering email as global system
and not specific to US or EU laws
b. It takes some time for laws to be passed and then be verified
in courts to be workable
2. Enforcement is left to ISP/mail server operators through use of
filters if email is found to be from commercial email marketer
that is known to mail server operator
Pros:
a. Filtering is already well adapted technology
b. When email is found to have violated opt-out choice, stopping
future email from the particular marketer is easy and fast
(blacklist) but it does require marketers to be well identified
Cons:
a. Use of filtering means some email will inevitably be filtered
b. Filters will never completed stop unwanted email even with
opt-out choice, some email marketers may choose not to follow it
------
William Leibzon
Elan Communications Inc.
william(_at_)elan(_dot_)net
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg