ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] New proposal for spam blocking: Greylisting

2003-06-20 10:48:33
from [Vernon Schryver] [Permanent Link] 
From: Evan Harris <eharris(_at_)puremagic(_dot_)com>



As with any whitelist, there are potential privacy concerns, but
these concerns would be greater here because of the additional data
tracked in the database.  Of greatest concern would be:


I disagree.  One of the nice things about this method is that it keeps
very little profiling info.  It certainly doesn't look at the body or
even the headers of the messages.  The only statistics kept are things that
could easily be retrieved from the mailer logs anyway.


Please reconsider.  Contemplate the value of knowing that Bill Gates has
recieved a message from Steve Case (or vice versa) even without knowing
the contents.  Your database doesn't contain messages, but traffic analysis
can be very valuable.  That's why "pen recorders" are used by the police.
It's why the legitimacy of some traffic analysis of email and phone
calls is a continuing issue in federal criminal court cases.



...
I would agree that users should be made aware of any possible privacy risks,
but most users are already aware that mailer level statistics are kept, and
this is just the same thing, just a different format.


That mailer logs are also quite sensitive does not make your records
less sensitive.

Most users are only a little less clue challenged about their privacy
than about whether their mail involves HTML.  But we're not most users
and must pay attention such issues.



...
With these, there is no data kept in the database for longer than the
longest expiration time, which is a little over a month. 


That sounds like a very good idea.


                                                        Most mail servers
keep logs for longer than that anyway.


"Most" is a strong word, particularly on issues like this that are
subject to corporate "document retention" policies.  Those policies
should be called "burn after reading policies" because they require
the desctruction of archives and backups lest they be used in future
court cases.

Note also that some few librarians are burning records as soon as books
are returned to avoid their use by snoopers.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] New proposal for spam blocking: Greylisting, Dave Crocker
Next by Date:  RE: [Asrg] Introduction and another idea, Bob Wyman
Previous by Thread:  Re: [Asrg] New proposal for spam blocking: Greylisting, Evan Harris
Next by Thread:  Re: [Asrg] New proposal for spam blocking: Greylisting, Yakov Shafranovich
Indexes:  [Date] [Thread] [Top] [All Lists]