Well, the From: domain would be a good start.
It would certainly cut down on the trivial forgeries, and could easily be 
transferred from the web to email with a single mailto: link.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?

From: mailop [mailto:[email protected]] On Behalf Of Tim Starr
Sent: Friday, June 10, 2016 11:55 AM
To: [email protected]
Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Signed by whom? First off, this would require that sign-ups be transferred from 
web to email. Secondly, I can see how it could easily be forged. All I'd have 
to do is set up a mail server to send DKIM-signed email for each "opt-in" 
request, each with a different DKIM domain out of a set of pre-registered 
rotating domains. Bingo! "proof" of opt-in. Spammers have been doing this for 
years w/ IP-based date/time/IP-formatted opt-in proof requests.

-Tim

On Fri, Jun 10, 2016 at 12:32 PM, Michael Wise <[email protected]> wrote:
A DKIM-signed submission request?
With IP, time stamp, and such like would be pretty undeniable intent to 
subscribe, IMHO.
Or provide plenty of fodder for the sysadmin of the domain in question to track 
down the imposter.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?

From: mailop [mailto:[email protected]] On Behalf Of Tim Starr
Sent: Friday, June 10, 2016 11:14 AM
To: [email protected]
Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide that 
can't be forged? Also, it does not follow from that requirement that senders 
must be "identifiable." That may be a separate legal requirement, but it 
doesn't logically follow from the opt-in proof requirement.

I also do not see how this matters when it comes to blacklist operations. "Tell 
me who your customer is so legal action can be taken against them" is what the 
law you cite seems to amount to. You are perfectly free to block or blocklist anyone 
you want no matter what the law says.

Tim Starr

On Fri, Jun 10, 2016 at 2:50 AM, Benoit Panizzon <[email protected]> wrote:
Hi Suresh

> They aren’t under any obligation to reveal customer identity to you
> and would potentially face legal liability for doing so.

This is exactly the problem.

Privacy Laws in Switzerland (and most other countries I know) state
that the sender must provide proof of opt-in.

Therefore, the sender must be identifiable. If the sender is not
identifiable, the ISP of the sender must provide the identity of the
sender.

So an ISP does not face any legal liability on providing the identity
of the sender as this is a legal requirement and the ISP acts according
to the law.

There are court cases confirming this procedure.

If this procedure and priority of privacy requirements is not observed,
a spammer can never be prosecuted or blocked. The spammer can just
pretend that all his addresses are opt-in and that he acts legally but
never has to prove it. Therefore Mailchimp cannot block him, or he can
request to be unblocked because he claims towards Mailchimp that the
spam reports are wrong and he has proof of opt-in from the recipients,
which he never has to show anyone.

The spammer could probably even prosecute Mailchimp for blocking him or
canceling his services.

The users of our Blacklist request that we block Mailchimp for not
respecting privacy laws and not providing the legal identity of the
spammers so they can provide a proof of opt-in or be made liable for not
respecting the mass advertising law.

So, do you have any suggestions on how to solve this issue?

Legal References:

Art. 8 Right to information
https://www.admin.ch/opc/en/classified-compilation/19920153/index.html#a8

Art. 82 Communication of data to identify nuisance calls and unfair
mass advertising
https://www.admin.ch/opc/en/classified-compilation/20063267/index.html#a82

Bundesgesetz gegen den unlauteren Wettbewerb (unfortunately not
translated by admin.ch)
https://www.admin.ch/opc/de/classified-compilation/19860391/index.html

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


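An added example, not written by any poster in this thread: a sketch of the check the top reply points at, accepting a DKIM-signed subscribe message as opt-in evidence only when the passing signature's d= domain equals the From: domain, so that passes from unrelated rotating domains are set aside. It assumes the receiving MTA has already verified DKIM and stamped its own Authentication-Results header; the authserv-id `mx.list.example`, the sample messages and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

AUTHSERV_ID = "mx.list.example"  # assumed: the id our own inbound MTA stamps

def dkim_pass_domains(msg):
    """d= domains with dkim=pass, taken only from headers our own MTA added."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(value).split(";")]
        if (parts[0].split() or [""])[0].lower() != AUTHSERV_ID:
            continue  # header supplied by the sender or another hop: ignore it
        for result in parts[1:]:
            if re.match(r"dkim\s*=\s*pass\b", result, re.I):
                m = re.search(r"\bheader\.d=([^\s;]+)", result, re.I)
                if m:
                    domains.add(m.group(1).lower().rstrip("."))
    return domains

def classify_optin(raw, subscribed_address):
    """Classify a subscribe message as opt-in evidence for subscribed_address."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr != subscribed_address.lower():
        return "address-mismatch"
    signers = dkim_pass_domains(msg)
    if not signers:
        return "no-dkim-pass"
    from_domain = from_addr.rpartition("@")[2]
    # Strict alignment: the signer must be exactly the From: domain.
    return "aligned" if from_domain in signers else "unaligned-signer"

def sample(from_addr, auth_results):
    """Build a constructed subscribe message for the demonstration."""
    return (f"Authentication-Results: {auth_results}\n"
            f"From: {from_addr}\nTo: subscribe@list.example\n"
            "Subject: subscribe\n\nsubscribe\n")

# Constructed inputs: aligned signer, unrelated signer, foreign results header.
ALIGNED = sample("alice@example.org", "mx.list.example; dkim=pass header.d=example.org")
ROTATING = sample("alice@example.org", "mx.list.example; dkim=pass header.d=bulk-7.example.net")
FOREIGN_AR = sample("alice@example.org", "mx.other.example; dkim=pass header.d=example.org")

if __name__ == "__main__":
    for name, raw in [("aligned", ALIGNED), ("rotating", ROTATING), ("foreign", FOREIGN_AR)]:
        print(name, "->", classify_optin(raw, "alice@example.org"))
```

An "aligned" result shows only that the subscriber's mail domain signed the request; it says nothing about a sign-up that never left the web form.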