If Spam-Arrest
operated in the EU, its operation would be illegal (not the
anti-spamming
law, the data protection laws)
I believe this is correct.
The point I was trying to make is that from the technical viewpoint any
ISP
or MTA operator can harvest addresses just like SpamArrest did.
yes, of course. The point I was trying to make is that these concerns
should perhaps be addressed in any work to produce standards or BCP on C/R
Most MTA operators only keep "traffic data" for a short time. A C/R
operator must keep some traffic data "forever".
The C/R operator can choose from a range of behaviours ... producing a
simple challenge, puffing the challenge up with unsolicited merchandising
material right up to using (or selling) addresses like any other spammer.
Since the Sender address data is longlived, the policy might change -
imagine Mr Nice C/R systems Inc. gets bought up by Black hat Megacorp.
Whatever..
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg