ietf-asrg
[Top] [All Lists]

Re: [Asrg] Opt-Out Notes: too complicated, ignoring history

2003-03-27 20:31:46
On Thu, Mar 27, 2003 at 09:24:17PM -0500, John R. Levine wrote:
Did you look at the NO UCE/NO UBE banner proposal that I described
about a week ago?  It does everything a global opt-out list is
supposed to with far fewer privacy problems at much less cost.
Furthermore, legislators in multiple states are aware of it and have
said they'd be willing to write laws that use it.

Where is the draft of it.  Most banner proposals have had a number of
problems.

    1) "Banner" implies they occur on connection, however you don't yet
        know the policies of the target users until you get a RCPT command.
        You can have a site opt-out at corporate sites, where one entity
        technically owns every mailbox on the site, but servers that hold
        mailboxes for different entities need a way to give them individual
        control.   You certainly don't want to have your ability to opt-out
        or in require you to switch ISPs.

    2) There's no good way to deal with the question of legitimate relaying,
       ie. MX records.  All your MXs and other relays need to know the
       preference of every _user_ they relay for, unless they relay only for
       single-user sites.

    3) Likewise, what do outgoing relays do?  For many mails, the user sends
       mail to an outgoing MTA, that relays to an MX, which relays to the
       target MTA.   The only way to deal with this is to require the
       outgoing user to label, so that the MTA which finally talks to the
       final destination can know what to do if it's informed about a
       policy after it issues the RCPT TO:

I wrote a few drafts in this area many years ago, but in the end I felt
these problems were difficult to surmount.  Since a policy system effectively
turns into a tagging system, my not just have a tag, and put it in the envelope
so you can reject based on it, rather than trying to implement a policy
language in addition to a tagging language?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg