I think it's trivial to define consent.
It's hard because it's not a binary flag, it's a continuum.
At one end, Chuq can send me any mail he wants. I know him well
enough to be confident that anything he's going to send me will
be OK with me.
At the other end, I have told Verisign many times that I don't want
them to send me any mail, for any reason, ever. I just reminded them
of that last week when they sent me a message saying "we know you told
us to go away forever, but did you change your mind?" I don't care if
they notice my house burning down or find my wallet on the street
containing a million dollars in cash, I don't want to hear about it
from them.
Those are easy. The hard part is the limited consent we all give to
bulk mailers. There's a company in Virginia that sends me one or two
messages a year saying "do you want to send your sister the same ham
you sent her last year?" That message is fine. If they sent me an
occasional message saying "we're now selling peanut-fed smoked squid,
on special this month for $99.95", that would be OK, too. But the
more the volume cranks up and the farther they get from the original
point of the communication, the more strained the consent gets.
Where it gets tough is in co-registration, when they say "would you
like to get occasional messages from our carefully screened affiliate
organizations?" which some people haven't yet figured out means "you
won't believe how many low-lifes there are that'll pay us 3 cents per
address for our list." Once you've done that, you're screwed because
even if you tell the original contact to stop, there's never a
mechanism to pass the revocation through to the hundreds of other
people to whom the address has been directly or indirectly sold. I've
had to abandon at least one address because I didn't notice that the
place to whom I gave it did co-reg. The most infamous case of this is
Michael Rathbun's "Nadine" story, about an address provided once to a
co-reg site by a woman who typed it wrong, and the incredible number
of places it's ended up.
So I think we can make some general rules about consent, but it's no
likelier that we can define it rigorously than we can define spam
rigorously.
Some suggestions:
* No consent is needed for one-to-one mail, although of course you
can tell individuals to go away.
* Consent for bulk mail has to be given in a context where both
parties understand what kind and amount of bulk mail it means. Again,
the receipient has to be able to make it stop.
* Repurposing consent can't happen. If I give you an address for one
purpose, i.e., mail about ham, you can't then send me mail about
travel packages to pork farming country. The line between what's a
normal variation of the original purpose and what's repurposing is a
semantic one that we can argue about forever, but I suspect that in
most cases where repurposing is an issue, it'll be obvious.
--
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
johnl(_at_)iecc(_dot_)com, Village Trustee and Sewer Commissioner,
http://iecc.com/johnl,
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg