On Thu, Mar 27, 2003 at 09:24:17PM -0500, John R. Levine wrote:
Did you look at the NO UCE/NO UBE banner proposal that I described
about a week ago? It does everything a global opt-out list is
supposed to with far fewer privacy problems at much less cost.
Furthermore, legislators in multiple states are aware of it and have
said they'd be willing to write laws that use it.
Where is the draft of it. Most banner proposals have had a number of
problems.
1) "Banner" implies they occur on connection, however you don't yet
know the policies of the target users until you get a RCPT command.
You can have a site opt-out at corporate sites, where one entity
technically owns every mailbox on the site, but servers that hold
mailboxes for different entities need a way to give them individual
control. You certainly don't want to have your ability to opt-out
or in require you to switch ISPs.
2) There's no good way to deal with the question of legitimate relaying,
ie. MX records. All your MXs and other relays need to know the
preference of every _user_ they relay for, unless they relay only for
single-user sites.
3) Likewise, what do outgoing relays do? For many mails, the user sends
mail to an outgoing MTA, that relays to an MX, which relays to the
target MTA. The only way to deal with this is to require the
outgoing user to label, so that the MTA which finally talks to the
final destination can know what to do if it's informed about a
policy after it issues the RCPT TO:
I wrote a few drafts in this area many years ago, but in the end I felt
these problems were difficult to surmount. Since a policy system effectively
turns into a tagging system, my not just have a tag, and put it in the envelope
so you can reject based on it, rather than trying to implement a policy
language in addition to a tagging language?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg