On Tue, 23 Sep 2003, Doug Royer wrote:
HIPPA covers _medical_ information. Email addresses are not medical
information. The email address in an email message is not a medical record
protected by HIPPA. Third, the email address is already being disclosed
to the ISP running the relay.
You keep assuming things and then declaring them as reasons for it to be
a non-issue. Your assumptions about my implementation, my customer
requirements, regulatory rulings relatedto HIPPA as it effects the
customers license to practice, and my email routing are not true.
I'm not assuming anything about your customer requirements, other than
they are obviously sending email over the internet, and that on occassion,
they might have a invalid domain name in an email address.
This is just an officious sounding FUD phrase:
"regulatory rulings related to HIPPA as it effects the customers
license to practice" is simply meant to scare users and care providers.
Nothing here is affected by HIPPA regulatory rulings or care providers'
license to practice. But of course, your whole claim about HIPPA is
nothing but FUD.
The relevant privacy law involving email is the ECPA, not HIPPA. Verisign
is prevented from disclosing the contents of any email, as is the ISP.
Quite obviously, Verisign is not improperly disclosing any information.
Contrary assertions are FUD
Name one good reason to run a bogus SMTP server that always rejects
email if it is not their intention to use the data? Why would anyone
accept connections on the SMTP port at all if not to use the data?
Other TLD's that have wildcard entries do it. Verisign's research
probably included the practices of other TLDs that use wildcard entries.
Having a rejector allows the mail to be rejected faster and ultimately
reduces network traffic. Not having a rejector would cause relays to
continue trying to connect for up to several days. The TCP syn packet,
along with the ICMP message is about the same as accepting the connection
and rejecting the message.
There has been no evidence that Verisign has collected any sender
addresses, nor would there be any reason for them to want to.
Your two reasons, the 'only reasons you can think of', like the rest of
this, are nothing but FUD.
--Dean