On Wed, Mar 26, 2003 at 05:24:50PM -0800, Hallam-Baker, Phillip wrote:
The list maintainer need not be one entity. All we need is agreement on the
hash function. I sugest a keyed digest with the key sha1("asrg")
You could give your email address to your participating isp, verisign, the
uspostal service or alan ralsky as you choose.
Most registrars would not keep any record of the addresses listed.
Can you be more specific as to how that solves the problem?
My issue is this. If you have a system -- any system at all -- which
will "clean" (ie. remove opted out addresses) from a large spammer's master
list (such as the lists they trade around on CD, you all have gotten spams
to buy them) then it is inherent that you will be giving them back a list
of all people on their list not in the opt-out list, and thus a list of
all people on their list who _are_ on the opt-out list.
The only way to avoid that would be what direct marketers do. The cleaner
also delivers the spam! You would need bonded companies which send
spam, but remove any opted out address from the mailing. They are bonded
to not reveal the contents of the list.
This may seem bizarre but in fact is not out of the question. This is how
the direct marketing business works. Of course the postal service is the
only company which delivers the mail.
But if you want to do a direct mailing, the list sellers don't give you a
copy of their list. They prefer to give it to a trusted 3rd company that
is mailing your ads for you. (Often they print, stuff and address for you.)
You hand them the ad, and tell them what lists you are buying, and they
clean the lists (of dups) print, stuff, address and take it to the post
office for you.)
However, larger mailers are trusted to get lists, and for a price you can buy
them.
To avoid people "stealing" the lists, they seed them with special trap
addresses.
If they get a direct mailing that they didn't rent the list for, they come and
get you.
So if there were a "official" spamhuases, which respected the opt-out list,
you would not even need to blacklist it, because you could just opt-out and
encourage your users to opt-out.
Spammers who wanted to deliver their own spam would not be able to clean their
lists, and would be subject to the full wrath of anti-spam systems.
This sort of thing has been proposed by spammers in the past, and quite
correctly we have not trusted them. If the mailing houses however were
approved by us (meaning IETF folks and major ISPs) it's not as silly as it
sounds. At least until everybody gets on the opt-out list, and the company
becomes moot, and we start over again, unfortunately.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg