From: "Peter Kay" <peter(_at_)titankey(_dot_)com>
I would say that if you sent verisign an email ( and that email was NOT
asking to no longer receive emails) that, yes, there is an implied
consent to communicate with verisign. And yes, if they "flooded" you
with messages about their products, it is NOT UBE (I still may not like
it, and I may even hate it, but its not UBE).
I strongly disagee with that notion. It is not justified by the
need to make the crime of spam well defined. Instead, you need
only require that Verisign have evidence that a reasonable person
would agree is a solicitation for bulk mail. A message saying
"tell me how to use PKI" would probably qualify as a solicitation,
particularly given the educational facade of the Verisign spam.
However, there is no honest justification for treating a message
asking "Is the enclosed cert for Microsoft Corporation for the
organization in Redmond or a repetition of the infamous fraud?" as
a request for Verisign's familiar spam.
...
It also means that if, on the signature of your email, you EXPLICITLY
state you do not want to receive any bulk email, and they ignore that
EXPLICIT request, its UBE.
In the real world, absolutely no one wants all bulk mail. Absolutely
everyone who knew it would be effective would add that phrase to their
signatures. That is another way of stating the obvious fact that bulk
mail is not implicitedly solicited by any and all communications from
the victim.
There's a difference between mail we don't want to get, bad practices of
various vendors, and UBE. If we can keep this thread on defining the U
and B along nice, thick black lines, then we have a clear definition of
UBE.
Again, it is impossible and undesirable to draw thick black lines that
separate spam from non-spam, except for our computers that we know
are too stupid to see the real, fuzzy lines. Any line thick enough
to be seen by computers will overlap some hard cases and so controversial
cases. It is impossible to avoid all controversy about whether mail
is spam, just as it is impossible to avoid all controversy and even
injustice about all cases of burglarly and insider trading. There
will always be gray areas. Simplistic definitions cannot work and
only give aid and comfort to spammers.
We can never claim that people will never receive an email that they
don't like or want, we can't help ISPs figure out how not to lose money
accepting email, and we can't stop your uncle from sending you stupid
jokes, but we can certainly look at an email and say, "yes, that's UBE"
or "no, that's not UBE".
Yes, but there will always be fuzzy cases where reasonable people
will disagree, just as with insider trading and burglarly.
And then we can make sure our technology solutions are in-line with the
scope of the problem that UBE defines.
That is just as true of technical spam defenses as burglar alarms and
the SEC's insider trading detection systems. The techncial machinery
can do a good job, but it can never be even as imperfect as we are
(at least not until we have truely thinking and understanding computers).
There will always be cases where the machinery gets it wrong, as well
as cases where we can't agree on what's right.
Insisting that the machinery be absolutely in-line with what we think
is spam is equivalent to the obvious nonsense that false positives
and false negatives will never happen.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg