ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Opt-Out ideas/suggestions?

2011-09-22 21:19:56
from [Chris Lewis] [Permanent Link] 
On 11-09-22 09:39 PM, John Levine wrote:

A notable example of 'opt-out' that comes to mind is not in the world

  of email, but the 'do not call' list used for telephony.

True.  The do-not-spam list is one of those  ideas that keeps
coming around.  Phones and e-mail are not really comparable here
because there is a fixed well-known set of phone numbers, while
there isn't a fixed set of e-mail addresses.  I can easily list all
the numbers I don't want people to call, but I can only describe the
set of email addresses not to spam by using pattern matching.
And it's seldom that one would be able to do that accurately with the variety of email addresses one might accumulate.
I should also note that the "opt-out" standard, while legal in the US, isn't (or won't be) valid in other jurisdictions.
Looking at the links that Fredrik suggested, it looks to be about some sort of "do not email" list. 

Recall that:
- Rodney Joffe implemented one (mainly to forestall/embarrass the DMA's, see below), in which not only individual addresses, but whole domains (corporates do have the right to make such decisions, remember). In short order it had about 100M entries. But no sender deigned to use it. Rodney proved his point, and it was dismantled.
- the DMA invented one. For a short period, they allowed domains to opt-out (in in-person discussions with them in 1998, they reluctantly put it on the table. I did enter our domains on behalf of my employer), but rapidly realized that they were shooting themselves in the foot. While their opt-out seems to still exist, they do not even hint at the possibility of a domain-wide opt-out anymore. I think the functionality was silently dropped. I highly doubt any sender of any significance ever used it.
- When CANSPAM was enacted in 2003, the FTC was tasked with investigating the idea of enforceable opt-out lists implemented in some way. In copious discussions with stake-holders (several of the people on ASRG were in them, including me ;-), the FTC eventually concluded that it could not be made to work safely. That the service itself cannot be secured adequately, and even if it was, it would not be effective in making an appreciable dent in spam, much of which is illegal in many other ways already.
- There are a number of opt-out lists now. Most out-and-out frauds, and none has ever been demonstrated to make any difference.
In the end, the reality is that most spammers would never use a opt-out list even if one could be implemented safely. Only a few large organizations with reputations to lose would. In general, it would make little difference to the spam flood.
Also, as John mentions, there are many things that make the idea moot. Including the staggering revelation that if you only do opt-in, you don't have to implement massive unwieldy global opt-out mechanisms that will probably leak, and be relatively little used. 
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Opt-Out ideas/suggestions?, John Levine
Next by Date:  Re: [Asrg] Opt-Out ideas/suggestions?, Richard Kulawiec
Previous by Thread:  Re: [Asrg] Opt-Out ideas/suggestions?, John Levine
Next by Thread:  Re: [Asrg] Opt-Out ideas/suggestions?, Richard Kulawiec
Indexes:  [Date] [Thread] [Top] [All Lists]