Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Keep that one sign-up message. It's a very small per-user piece of data, and it would certainly be proof enough and to spare for me. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -Original

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

On 11/06/16 09:29, Michael Wise via mailop wrote: > > ... when the server receives it, it gets authenticated. > Or did you forget this? That doesn't help when attempting to provide "proof" of signup at some future date - it will simply be a message with a DKIM sig that can no longer be

Re: [mailop] Messages over IPv6 rejected by Google for failed authentication checks

On Thu, Jun 9, 2016 at 2:59 PM, Laura Atkins wrote: > > > On Jun 9, 2016, at 2:07 PM, Bernhard Schmidt > wrote: > > > > On 09.06.2016 18:20, Laura Atkins wrote: > >> > >>> On Jun 9, 2016, at 9:06 AM, Bernhard Schmidt >

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

... when the server receives it, it gets authenticated. Or did you forget this? Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -Original Message- From: mailop

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

On 11/06/16 05:02, Michael Wise via mailop wrote: > Well, the From: domain would be a good start. > > It would certainly cut down on the trivial forgeries, and could easily > be transferred from the web to email with a single mailto: link. Any signed DKIM message can only be authenticated while

Re: [mailop] "One-Click" List-Unsubscribe URIs

> You demonstrated the need for a flag day when you stated that > the ESPs need to give the ISPs "a hint" that things are > changing. Expecting every ESP to contact every ISP is ridiculous. No, what he said was that ESPs *could* give a hint. All RFCs and IETF recommendations are just that -

Re: [mailop] Microsoft/Hotmail discards mails

First of all, my kudos to Michael for discussing this so openly. On 10 Jun 2016, at 12:05, Hugo Slabbert wrote: I think everyone gets that the preferred behaviour is to reject at SMTP time, that it gets difficult/impossible to do the more tests you try and stuff into the filtering decision

Re: [mailop] Microsoft/Hotmail discards mails

On Fri 2016-Jun-10 12:32:20 -0600, Tim Starr wrote: I am not saying this is a good idea, but it sounds to me like what would fit the bill here would be a new folder for each user called "Bounced" in which they would see all messages sent to their email address but which

Re: [mailop] "One-Click" List-Unsubscribe URIs

On Fri, Jun 10, 2016 at 2:18 PM, Laura Atkins wrote: > You demonstrated the need for a flag day when you stated that the ESPs > need to give the ISPs “a hint” that things are changing. Expecting every > ESP to contact every ISP is ridiculous. > I don't have to contact

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Well, the From: domain would be a good start. It would certainly cut down on the trivial forgeries, and could easily be transferred from the web to email with a single mailto: link. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Signed by whom? First off, this would require that sign-ups be transferred from web to email. Secondly, I can see how it could easily be forged. All I'd have to do is set up a mail server to send DKIM-signed email for each "opt-in" request, each with a different DKIM domain out of a set of

Re: [mailop] "One-Click" List-Unsubscribe URIs

On 9 Jun 2016, at 12:11, John Levine wrote: The http specs are quite clear that GET is not supposed to change the state on the web server. For that you use POST or PUT. Not wrong... Unfortunately, that horse died of old age a decade ago, 5 counties away from the former location of the barn

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

A DKIM-signed submission request? With IP, time stamp, and such like would be pretty undeniable intent to subscribe, IMHO. Or provide plenty of fodder for the sysadmin of the domain in question to track down the imposter. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your

Re: [mailop] Microsoft/Hotmail discards mails

I am not saying this is a good idea, but it sounds to me like what would fit the bill here would be a new folder for each user called "Bounced" in which they would see all messages sent to their email address but which were bounced by their mailbox provider. However, that would defeat the purpose

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Benoit Panizzon wrote: So the Mailchimp Abuse Desk was asked, with reference to the according legal articles and proof that the email was sent by their customer, to please disclose the identity of the customer sending those emails. Mailchimp always answers, that they are a US company and are

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> On Jun 10, 2016, at 10:30 AM, John Levine wrote: > >> With regard to Mailchimp, as a non-customer observer it seems to me that >> pre-Mandrill was excellent, post-Mandrill not as much. > > Mandrill is automated, which makes vetting the customers a lot harder. > > They are

Re: [mailop] "One-Click" List-Unsubscribe URIs

> On Jun 10, 2016, at 10:56 AM, Vick Khera wrote: > > > On Fri, Jun 10, 2016 at 12:17 PM, Laura Atkins > wrote: >> The beauty of the proposal is that you can with some cooperation of the mail >> user agent convert

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide that can't be forged? Also, it does not follow from that requirement that senders must be "identifiable." That may be a separate legal requirement, but it doesn't logically follow from the opt-in proof requirement. I also do

Re: [mailop] "One-Click" List-Unsubscribe URIs

On Fri, Jun 10, 2016 at 12:17 PM, Laura Atkins wrote: > The beauty of the proposal is that you can with some cooperation of the > mail user agent convert the two-click unsub into a one-click. > > > And the failure of this proposal is that it requires the MUA to change >

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> On Jun 10, 2016, at 10:30 AM, John Levine wrote: > >> With regard to Mailchimp, as a non-customer observer it seems to me that >> pre-Mandrill was excellent, post-Mandrill not as much. > > Mandrill is automated, which makes vetting the customers a lot harder. > > They are

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> > International law? There's no international spam law. I know people > who spend full time trying to piece together spam cases using whatever > law applies in whatever places bits of the spamming happens. > > As others have noted, US companies are not subject to Swiss law, just > as Swiss

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

>I agree. But that doesn't mean he can't get a satisfactory answer about the >international law aspect. And by satisfactory I >mean one that makes sense, not necessarily one that he is going to like. ;-) International law? There's no international spam law. I know people who spend full time

Re: [mailop] "One-Click" List-Unsubscribe URIs

>I also am not 100% in agreement that "GET" for HTTP means no altering of >state. I think that's a recent convention coming over from REST based APIs. See section 12.2 of RFC 1945, published over 20 years ago: 12.2 Safe Methods The writers of client software should be aware that the

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

>With regard to Mailchimp, as a non-customer observer it seems to me that >pre-Mandrill was excellent, post-Mandrill not as much. Mandrill is automated, which makes vetting the customers a lot harder. They are painfully aware of that, not sure what they're currently doing about it.

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

On 6/10/16 8:31 AM, Suresh Ramasubramanian wrote: I would guess they're happy to can their customer but they are refusing to tell Benoit who the customer is. Which sounds fair to me. May be fair, may be not depending on the proactive/reactive weight. In other words, weight given to

Re: [mailop] "One-Click" List-Unsubscribe URIs

> On Jun 10, 2016, at 9:07 AM, Vick Khera wrote: > > > On Fri, Jun 10, 2016 at 11:23 AM, Laura Atkins > wrote: > Also in this case, there is a significant chance that the proposal will > result in sub-optimal or

Re: [mailop] "One-Click" List-Unsubscribe URIs

On Fri, Jun 10, 2016 at 11:23 AM, Laura Atkins wrote: > Also in this case, there is a significant chance that the proposal will > result in sub-optimal or harmful results. It is a fact that there are > appliances and filters out there that follow every link in an email.

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> Venturing an opinion on how much jurisdiction a law enforcement or regulatory > Organization is prepared to assert in a cross border scenario isn't going to > fly too far > > Did you try to identify the spammer with a dummy purchase If he is doing > something illegal? > > --srs > >> On

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Venturing an opinion on how much jurisdiction a law enforcement or regulatory Organization is prepared to assert in a cross border scenario isn't going to fly too far Did you try to identify the spammer with a dummy purchase If he is doing something illegal? --srs > On 10-Jun-2016, at 9:09

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

I would guess they're happy to can their customer but they are refusing to tell Benoit who the customer is. Which sounds fair to me. --srs > On 10-Jun-2016, at 8:44 PM, Anne Mitchell wrote: > > Benoit, please contact me offlist, and I will see about getting you to the >

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> On Jun 10, 2016, at 1:09 AM, Benoit Panizzon wrote: > > I have seen similar cases on many occasions. > > But what disturbed me most here, is the lack of legal cooperation from > mailchimp. It was obvious, that the sender was located in either > Switzerland or italy.

Re: [mailop] "One-Click" List-Unsubscribe URIs

On Fri, Jun 10, 2016 at 7:10 AM, wrote: > The ORT session requirement or > question never wanted to solve this completely different issue at all. > > Every other solution that came up in this discussion, run down to > possible pathes: > > 1# much more complex idea, that

Re: [mailop] "One-Click" List-Unsubscribe URIs

On Thu, 9 Jun 2016 13:02:05 -0400 Al Iverson wrote: > On Thu, Jun 9, 2016 at 12:24 PM, wrote: > > On Thu, 9 Jun 2016 11:53:16 -0400 > > Al Iverson wrote: > > > >> This also brings us back to the issue of what

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Matthias > > Therefore, the sender must be identifiable. If the sender is not > > identifiable, the ISP of the sender must provide the identity of the > > sender. > > On what legal theory is this based on? I am not a lawyer, but in my job I had some contacts with OFCOM, SECO,

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Benoit, > Therefore, the sender must be identifiable. If the sender is not > identifiable, the ISP of the sender must provide the identity of the > sender. On what legal theory is this based on? > Art. 8 Right to information >

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Suresh > As I doubt that mailchimp operates under Swiss jurisdiction- and they > probably have a customer contract that stipulates US jurisdiction .. > you'd have to rely on them suspending the spammer. I am aware of that. But the way mailchimp operates now, is as a spamer heaven. I don't

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Suresh > They aren’t under any obligation to reveal customer identity to you > and would potentially face legal liability for doing so. This is exactly the problem. Privacy Laws in Switzerland (and most other countires I know) states, that the sender must provide proof of opt-in. Therefore,

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

There seems to be a miscommunication - I personally have seen Mailchimp / Mandrill suspend a large number of spamming customers. However your request - which asks to identify a customer - would probably get routed to the legal department rather than a competent abuse team and that might

[mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi List I wonder how other Email Ops, especially in Europe, handle Mailchimp and Mandrill App. They are a constant issue with the Swinog Blacklists. The problem boils down with differences in the privacy laws of US vs EU. In Switzerland (and probably most EU countries too), a company who sends

Re: [mailop] Messages over IPv6 rejected by Google for failed authentication checks

Hi, >> Not sure yet whether my testhost has ended up on a whitelist or >> Google has reverted the behaviour. > > There was a report earlier that Google was experiencing > authentication problems on the inbound and a lot of mail was failing. > I’m guessing what you saw was related to that and