spf-discuss

RE: FTC: we need sender authentication before "Do Not Spam" can work

2004-06-17 13:43:19
-----Original Message-----
From: Seth Goodman
Sent: June 17, 2004 11:00 AM

I appreciate your taking the time to respond and
as you point out on some points I suspect we may
end up agreeing to disagree.

However, let me see if we can close the loop on
certain key issues.

* Solicited bulk email versus unsolicited bulk
email

There is a significant distinction between
unsolicited bulk email and solicited bulk email.

Solicited bulk email is responsible behaviour and
is not sent postage due as the individual
receiving the message has asked to receive it.

On this point I rely heavily on the underlying
position taken in
http://www.ietf.org/rfc/rfc3098.txt

If the community does not draw a clear
distinction in favour of those who send solicited
bulk email, any reasonable person may simply ask
what is the point? 

Why go through all of the effort and energy in
seeking and obtaining consent, while building up
and maintaining your brand? 

Attempting to lump senders of UBE and Solicited
bulk email into one basket is flawed. It
penalizes those who are honest and responsible,
while rewarding those who act irresponsibly and
are simply poisoning the well.

The argument of the greater good does not apply.
Business uses email for a variety of purposes.
Want the co-operation of the business community,
you need to draw certain key and fundamental
distinctions. 

The core distinction? Drawing a line between
those who send UBE and those who send Solicited
bulk email.

* Collateral damage

This is a significant issue for e-publishers and
other online businesses. 

For example, when I cannot get notice of another
issue of an ezine which individuals have paid to
receive delivered, or when someone buys a product
through my web site and the confirmation purchase
notice is not delivered, this is a serious
problem. 

And unfortunately, this is happening at ever
increasing levels. 

When I speak of delivery I am speaking about
getting solicited email, or transactional email
to the email box of the intended recipient. 

How the individual decides to deal with the email
is up to him or her. Want to filter stuff you
have asked to receive, or even paid to receive
into the spam box and delete it all. Hey, that is
your choice. 

It is frustrating to the business person,
especially when the individual turns around and
starts complaining, what happened to? But that's
life.

* How To Deal With The Differences

Placing arguments against Spam (UBE) or in
support of blacklisting Spammers (UBE senders) on
the table is not the issue. 

We are talking about business people who don't
send UBE as it is simply bad business. 

When you are in business, you are a marketer.
Without sales there is no business. 

Endeavouring to lump all business people in the
same class simply because all business people are
marketers does not serve any purpose.

It does however anger those business people who
are opposed to UBE and want to embrace sender
authentication in an attempt to deal with the
whole issue in a constructive fashion.

On this point, filters need to be created which
work with Sender authentication and utilize
rating services.

Presuming the sender is authenticated and has an
appropriate rating as a solicited emailer, why is
there a further need for content filtering of
this email message at the network level, as
opposed to at the individual end user level? 

On the other hand there must be clear markers. 

It is self-evident as I said above the clear
dividing line is UBE. No ifs, ands or buts. 

Having said this, we need to turn this whole
discussion around and look at it from the end
users' perspective.

It seems the US 'Net population breaks out into
roughly three groups:

* A large portion which wants their service
provider to deal with the problem. 

In establishing any closed email system which
works for both solicited emailers and service
providers, this is the hardest group to satisfy. 

Why? The problem is defined as whatever a
recipient says he or she does not want.

Service providers want the ability to filter out
whatever their customers tell them, despite any
permission granted.

Solicited emailers want some understanding, if I
am authenticated, rate as a solicited emailer and
carry out best practices, my email should at
least get to the email box of the user. 

Service providers can then provide users with a
range of choices to meet the varying needs of
their customer base.

* A smaller but still significant group which is
prepared to deal with the problem themselves.

* A much smaller group that does not mind
receiving UBE.

On the last point, according to the most recent
Pew report, roughly 5% of end users in the US
have purchased something through UBE within the
last year. (This was down from 7% last year.)

http://www.pewinternet.org/pdfs/PIP_Data_Memo_on_Spam.pdf

Yes, yes, I know ... but I am simply reporting
the stats.

* Verified Opt-in versus Confirmed Opt-In

On the side of solicited bulk email, there is a
distinction between verified opt-in, confirmed
opt-in and unconfirmed opt-in.

Many 3rd party email service providers already
provide auditable verified opt-in procedures.
Some software providers also provide the same.

The compromise? Run a verified opt-in mailing
list, you will receive a higher rating and we
will deal differently with you in dealing with
spam complaints. 

* Commercial Black list operators

I appreciate many people are quite happy with
SpamCop and the service it delivers. 

The flaw? The process of generating complaints
absolves the complainant of responsibility. 

Don't misunderstand that comment. Using an
intermediary to resolve differences has great
value.

When complaint volumes reach certain levels, or
other behaviour is indicative of a certain type
of activity, then simply black listing for a
limited period of time may well be the safer and
appropriate course.

But, for a process to work there has to be
responsibility. 

Just as the Spammer is acting irresponsibly or
worse, (depending on your perspective) when a
commercial black listing service, (please note I
am not talking about volunteer services) says in
essence this service has absolutely no
responsibility on its part for any harm it may
cause to solicited emailers, it is also acting
irresponsibly.

Like it or not, when you start receiving money or
other forms of consideration for a service, this
imposes certain duties and changes the colour of
the cloak you can wear.

With the implementation of sender authentication,
especially for publishers who rely upon verified
opt-in, I find it hard to accept the position
commercial operations can act without any
responsibility.

What is the solution? Establishing realistic and
objective criteria to measure behaviour and based
on this behaviour proceed to make appropriate
decisions. 

With a system which absolves the complainant of
responsibility there is a need for additional
criteria and controls. Otherwise there is the
significant risk of the complaint process being
manipulated, abused or simple mistakes happening.

Will any approach which is developed be fail
proof? Nope. This is why there is a need for
ongoing evaluation of data. But when commercial
operators who provide a service take the
approach, I am not responsible ... this creates
abuse. 

This is not a question of constitutional due
process, which does not apply to private actors,
unless imposed by legislation.

Rather it is the simple common sense position, if
we are going to exist in a civil society.

As responsible actors, we can't simply shrug our
shoulders and say, since the other side is acting
irresponsibly, this justifies or permits my
acting in an irresponsible fashion.

John Glube