ietf-asrg
[Top] [All Lists]

Re: [Asrg] Proposal for Opt-Out

2003-03-28 08:44:06
So.  An opt-out list will stop people who bought your list from 
someone you gave your email address to.  
Correct

You don't *want* it to stop 
the people you explicitly gave permission to.
Opt-out should be specific enough that you could blacklist entire category 
of commercial email but whitelist particular sender. So basicly even if 
you gave them your email to say notify of updates and they are instead 
trying to pitch you new product or service you could stop that depending 
how well opt-out is both technology and laws.

 It might stop people 
who bought the assets of a defunct company. 
Correct and I'v had real problems with these companies. It seems my email 
from excite.com was bought by about 100 other companies (it had very 
specific nic and address) and I'v been trying to find way to do global 
opt-out there and even went to court twice to force an issue and find a 
source who's selling my email. But still every week I blacklist at least 
one company that again got my email address and is trying to send me some 
ad (I suspect its all the same companies, whenver I blacklist them they 
begin to use different domain and different company name but it can all be 
the same entity that controls it - too many addresses are in Florida).

It probably won't stop 
affiliates of a company (e.g. multiple catalog companies owned by a 
single entity) because they probably had fine print saying that you 
gave permission to all of them (that's certainly what they do now).
It'll stop it if opt-out is made specific to type of email.

It will have zero impact on existing spammers.
Partial impact. By that I mean there are some spammers that try to appear 
to operate legally (they send from their own domain and have real address 
or po box, usually in florida), they do not try to sell you fraud or 
snake-oil but instead pitch vacations and credit card offers. These kind 
of spammers the opt-out should stop.

That's the good news.  Here's the bad news.

A global opt-out list is a tacit statement that it's okay to spam 
random email addresses.
I hope I did not make it appear as if that is true!

After all, if you didn't want email, you 
would have put your name on the list, right?  This is exactly the 
*wrong* way to go.  We do not want "100 million email address CDs" to 
become legitimate sales tools just because they were cleaned by the 
opt-out list. 
Technology for opt-out should be good enough to prevent use of the email 
list by anybody but authorized bulk mailer. So spammers would not be able 
to verify your address either one way or another, other means should be 
used to stop those (i.e. technology to stop improper headers and after its 
possible to trace the spammers, legal means to outlaw their activity and 
get them out of business at the same time filters still to be used for 
small period of time when spammer is still able to send emails). Also 
proper laws should stop people like Al Ralsky who operate from US but have 
servers overseas. They should be considered commercial mailers and would 
either have to abide by opt-out laws and actually get your opt-in permission
before sending email or they should have civil/criminal penalties, for any 
email sent from company they control no matter from where the email was 
sent from.

You do *not* want every company in the country 
broadcasting email address to every address they can find.
I did not understand this.
 
"But," you say, "If you don't want that, just put your name on the 
opt-out list."

I assert that if we tacitly support opt-out, we will create a mail 
situation so bad that you won't be able to function unless you 
opt-out.  *Everyone* will want to opt out. 
I do not believe you're right. 

But a lot of people will opt-out and expect a lot less spam, while opt-out 
only help to get rid of unwanted commercial emails that are not generally 
spam. So that is why we need to find solution for real spam before 
starting to implement opt-out.

And what is the point of 
an opt-out system in which every person in the world is required to 
opt out?  Furthermore, as has been mentioned numerous times.  It's 
not just a question of email addresses, it's a question of domains 
and bounces as well.

Opt-out can work for phone numbers because there are a finite number 
of phone numbers.  There are *not* a finite number of email 
addresses.  It should not be mandatory that every time you reserve a 
domain you have to go and opt-out all possible email addresses in 
that domain.  That makes no sense whatsoever.

To sum it up.

1. Opt-out doesn't affect the majority of the people we are trying to stop.
I Agree.

2. Opt-out will make things worse.
I do not agree.

3. There is no point in an opt-out system that everyone has to join.
This point can be right or wrong depending on opt-out technology. In what 
I proposed it would be wrong.
 
Even if you don't believe #2, #1 and #3 still stand.  As do my points 
concerning domains and infinite email addresses.

I strongly believe that this group should make absolutely no 
recommendations for a global opt-out system. 
If you look at the asrg charter, it specifically says
"Possible components of such a framework may include: 

Consent Expression Component: This involves recipients expressing a policy 
that gives consent or non-consent for certain types of communications"

So it seems we will have to make these "recomendations".

----
William Leibzon
Elan Communications Inc. 
william(_at_)elan(_dot_)net

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg