As with any whitelist, there are potential privacy concerns, but
these concerns would be greater here because of the additional data
tracked in the database. Of greatest concern would be:
I disagree. One of the nice things about this method is that it keeps
very little profiling info. It certainly doesn't look at the body or
even the headers of the messages. The only statistics kept are things that
could easily be retrieved from the mailer logs anyway.
This extra data would provide a useful "permanent" record that would
be subject to criminal or civil subpoena. Some users would gladly
choose to allow this type of database to be created if it effectively
reduces spam, but users would need to be fully appraised of the
privacy risks.
I would agree that users should be made aware of any possible privacy risks,
but most users are already aware that mailer level statistics are kept, and
this is just the same thing, just a different format.
If anyone wanted to, cleaning the database of long term info would be
simple. But it wouldn't help anything, because all the info there could be
gotten from the mail logs anyway.
If your concern is the longevity of the information, consider running this
as a nightly script:
DELETE FROM relaytofrom WHERE record_expires < NOW();
UPDATE relaytofrom SET create_time = NOW();
UPDATE relaytofrom SET blocked_count = 1 WHERE blocked_count > 1;
UPDATE relaytofrom SET passed_count = 1 WHERE passed_count > 1;
UPDATE relaytofrom SET aborted_count = 1 WHERE aborted_count > 1;
With these, there is no data kept in the database for longer than the
longest expiration time, which is a little over a month. Most mail servers
keep logs for longer than that anyway.
Evan
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg