The single most useful thing that might be done here this year is to
establish the default implicit consent for a mailbox connected to the
Internet. Such a determination would help legislators and courts
as well as system administrators on both sides of the spam fence.
I like this idea very much.
Something offical from the IETF (yes, this is the IRTF) saying something
like the following would be very valuable:
- consent to receive mail is always determined by the mailbox owner
and never by mail senders.
Slight issue with "mailbox owner". Is this the recipient, the provider or
some union ?
- unless explicitly revoked or extended (e.g. by explicitly
"subscribing"), a mailbox connected to the Internet implies a
default, implicit, or implied consent or solicitation to receive
any non-bulk mail that does not violate any applicable law.
- bulk mail is any set of 50 or more messages that are substantially
identical as determined by a reasonable person.
Why 50? why not 100, 45, or (my personal favourite) "2 or more".
- Evidence that a mailbox owner has subscribed or solicited mail not
implicitly solicited must be creditable. Email requests that could
reasonably have been sent by third parties are not creditable.
- implicit or explicit consent to receive mail can be revoked by any
means that can reasonably be expected to be preceived by the people
responsible for sending mail, including telephone calls, postal service
mail, email, and SMTP status ("rejection") messages.
The statement must fit the Internet as it exists today. It cannot
involve mechanisms that are not currently widely used, not to mention
mechanisms not yet invented. It must all be clear to all parties and
easily understood and monitored by people with limited technical
knowledge, and so it cannot use interesting ideas like SMTP banners.
This determination cannot be based on the familiar IETF style of
consensus, because interests including some represented by frequent
contributors to this mailing list will never agree to banning
per-sender-opt-out spam, despite the painful implications of the fact
that there are more than 20,000,000 corporations in the U.S. alone.
A statement such as you propose doesn't *ban* per-sender-opt-out
spam, it just points out that the assumption of implicit consent won't
apply to it.
I believe what you suggest is very much suitable matter for this
group - it's effectively a definition of "consent" - which we probably need
to work usefully within the charter.
This should be proposed to the chair as a work item.
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg