"Seth Goodman" asked:
<skip>
I still have a question for Chris. As a forwarder, don't any of your
customers ask you to run SpamAssassin on their accounts? What I'm getting
at is do you really need some kind of permission to inspect headers in an
automated fashion in order to detect forgery? You're not recording anything
that is not a forgery, so in what way are you violating privacy? The MTA is
scouring the headers for lack of a match to indicate forgery, but the
machine sees every byte on the way through anyway. As long as no human sees
the content of any email not addressed to them and the machine doesn't
record anything about non-forgeries, has there been any violation? Is this
like if a tree falls in the forest and no one is there to hear it ...
Forgive me if these are foolish questions, but I've never been in the
forwarding business so I've never had to think about it.
Ah, I didn't respond the first time you asked, because I rather hoped a
Forwarder would leap in and answer.
I'm not a Forwarder, so I can't answer your question from any kind of personal
experience.
In this forum, my role is as 'volunteer-architect'. I'm watching all the issues
people raise and trying to distill and accommodate them.
In this area of 'opening and inspecting the message' I've noted several posters
(Frank Ellermann amongst others) who have pointed out that some legal
juristictions (Germany? California?) appear to have concerns about these
practices.
I believe also that some US corporations have concerns about preserving their
'common carrier' status.
I'n trying hard not to judge whether or not these concerns are valid, or suggest
that we challenge or ignore them, but rather just see if there are any
relatively-easy ways of accommodating the concerns - hence my suggestion for the
'implied sender authority'.
Hope this helps.
Chris Haynes