spf-discuss
[Top] [All Lists]

Re: Indiustry Alliance Publish Anti-Spam Proposals

2004-06-22 16:03:58
Wellllll, we kinda stayed away from the optin optout debate. It is a hopeless debate and we wanted to concentrate on the real criminals.

I don't mind the "legit but perhaps shady" marketers that may utilize "poor practices". Why? They always come from the same IP space and I know how to filter that if/when they get out of hand. I imagine you do too :-)

Its the guys distributing viruses to Windows PCs to compromise grandma's machine and turn it into a spam zombie which the ASTA group was most interested in stopping.

I understand your points and they are definitely valid examples for them. But the ASTA group is not focused in that area...many other groups are.

-Carl

jbglube(_at_)sympatico(_dot_)ca wrote:

From: Karl Prince
Sent: June 22, 2004 2:55 PM
Subject: [spf-discuss] Industry Alliance Publish Anti-Spam
Proposals

I just read through the proposal. Okay, I don't
want to pick a fight with the big ISPs, but the
first mistake?
Not coming out and saying thou shall not use our
networks to send or transmit UBE.
If you read through pages 14 to 15 of the
proposal, the "Recommendations for Bulk E-mail
Senders" are - I better be polite here since this
is a public list - the DMA standards for
"legitimate" bulk mailers. This is code for
sending spam.

The proper course? Say     "want to send email to
our networks in bulk? It must not be UBE and you
must be sender authenticated."

Don't get caught up in the nonsense of trying to
distinguish between good spam a la the DMA and
bad spam.
So, what is really going on? Want to send bulk
UCE? Sure, not a problem, just pay us for access
and we will be glad to let you transmit CAN SPAM
compliant bulk UCE from our networks. Please.

(That is the only conclusion I can reach.)

When will the ISPs get it? As I said above the
easiest and quickest way to stop UBE is to have a
policy which says:

"Thou shall not use our networks to transmit UBE.
You may not transmit email to our network without
being sender authenticated."

Then live by and enforce this policy. This should
flow from the top of the back bone all the way to
the smallest ISP.

The ISPs were given this authority under the CAN
SPAM Act of 2003.
Even though the Act does not specifically
prohibit initiating the transmission of CSA
compliant UCE in bulk, it allowed ISPs to set
policies which prohibited the use of their
networks to transmit UCE. See paragraph 8 (c).
(You can find a copy of the Act here:
http://www.learnsteps4profit.com/antispamus.html)

The FCC regulates Internet access services which
includes ISPs. Since the FCC has a stated hands
off policy on IP enable services (which may
change at least with Voice over IP) paragraph 8
(c) means ISPs are free to set their own policies.

The upshot, the ISPs can set policies which
prohibit the use of their networks to transmit,
etc. UBE (which includes CSA compliant UCE in
bulk).

The statement of the ISPs on Recommended Best
Practices For Bulk Emailers is ...
This is nuts and on my birthday, no less.

I am sorry. I appreciate AOL has been a champion
of SPF, but quite frankly I am ....
(the reader can fill in the blanks here and
above).
This is even a step back from the stated best
practices by AOL in at least requiring a
relationship between the sender and the recipient.

Well, at least the ISPs which are members of the
Industry Alliance have come out of the closet.
Okay, back to work on some other stuff.

Thanks Karl for bringing this to our attention.

John Glube
Toronto, Canada

The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 18/06/2004


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Send us money!  http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

--
Carl Hutzler
Director, AntiSpam Operations
America Online Mail Operations
cdhutzler(_at_)aol(_dot_)com
703.265.5521 work
703.915.6862 cell