spf-discuss

RE: FTC: we need sender authentication before "Do Not Spam" can work

2004-06-17 17:50:52
From: Daniel Taylor
Sent: Thursday, June 17, 2004 5:40 PM



<...>

Messrs. Ehrengruber & Goodman:

By your arguments, it would appear that neither of you is particularly
connected with the fiscal portions of a business that relies on the
Internet for its income. Those of us who do are quite serious about
a lack of authentication, spam, joe-jobs, and general criminal behaviour
making a medium that is _irreplaceable_ for our livelihoods unusable by
anyone for any purpose.

There is, at this time, no medium that provides a notification mechanism
as widespread, easy to use, lightweight, and high bandwidth as e-mail.

The Internet was not created to provide any of us with a livelihood.  If you
can make one by using it, I am happy for you.


If I at times seem rude, brusque, or generally offensive when brushing
off the concerns of people who consider it good form to have businesses
shut down for sending them materials that _they_requested_, perhaps
it is because I like having a roof over my head and food for my kids.

So do we all.

It has been my experience that companies that take care in how they manage
their electronic communications have few enough complaints that they
rarely, if ever, have mail delivery problems.  It is telling that companies
that have problems always seem to blame their clients.  How is it that some
companies seem to get all the stupid users who complain about advertising
they requested while others don't have any problems at all?


E-mail is my livelihood.

That is your choice.  No one guarantees my livelihood.


If you do not wish to receive e-mail from my company, personally, I
consider you free to blackhole us. The freedom to say what I wish does
not mean anyone has to listen. However, I would greatly appreciate it
if you do not take it upon yourselves to keep others from hearing
us through the most effective medium we have.

We do not use e-mail for marketing up front.

We run a testing service for telecommunication centers and applications.

To do this we have a pool of panelists that we pay to call us and
evaluate the systems under test.

Without e-mail we have no way to let these people know in a timely,
relatively unobtrusive, economical (for all parties) way that there
is work to do, or send them notifications that can affect their
relationship with our service.

With the activities you just listed, it sounds very unlikely that you would
run into trouble with blacklists.  Perhaps you conduct other activities that
generated complaints.  Maybe you should examine how you conduct those
activities.


Given my druthers I'd have mandatory header authentication
of _all_ 2821 and 2822 headers, cryptographically signed, with
a wax seal on the crypto signature and stiff penalties for
forging or masquerading as someone you aren't.

I don't think you'd get any arguments on that around here.  We're just
taking the first step, but it's a necessary one.  I see you use PGP.  There
is also S/MIME for the less technically inclined.  Perhaps you might
consider S/MIME signing for authentication on outgoing messages?  Most email
clients that don't support it will at least show the message, so that might
be worth a try.


I'm not holding my breath.

I'll settle for simple widely deployed systems that at least
can give me an edge over those who would cause problems for
my livelihood.

We are all working toward a system to provide at least 2821 authentication.
While we can evangelize and tout the benefits, what people do with it is
ultimately up to them.  I would be pleased if it helped your business solve
any of its email problems.

--

Seth Goodman

