Hi Eric
> So all I need to do to shut down a competitor is sign up for their
> mailing list, then issue a complaint to their ESP?
It's not that easy :-). If you signed up, your competitor can provide a
proof (Time, IP-Address, received verification email) you signed up to
you and the ESP. So you
Hi Jay
> ESP to victim: That mail was sent on behalf of ABC Company, and you
> can contact them [here]. We don't tolerate spammers, and our customer
> contracts require openness so these issues can be resolved. Attached
> is a PDF of their signed statement where they certify that they have
>
Hi Laura
> > There is no need to involve a lawyer.
>
> There is if you’re asking a company to release customer information
> to you. Which is what your request of Mailchimp is.
Could you please provide legal background to your statement?
I have been in contact with the legal advisers of OFCOM
] Mailchimp / Mandrill App: European VS US Privacy Laws
> On Jun 13, 2016, at 9:59 AM, Jay Hennigan <mailop-l...@keycodes.com> wrote:
>
> On 6/13/16 12:45 AM, Suresh Ramasubramanian wrote:
>> Now you’re arguing legal contracts here - that vendor has a legal contract
>>
> On Jun 13, 2016, at 9:59 AM, Jay Hennigan wrote:
>
> On 6/13/16 12:45 AM, Suresh Ramasubramanian wrote:
>> Now you’re arguing legal contracts here - that vendor has a legal contract
>> with whoever this spammer is. While they can terminate the account in
>>
On 6/13/16 12:45 AM, Suresh Ramasubramanian wrote:
Now you’re arguing legal contracts here - that vendor has a legal contract with
whoever this spammer is. While they can terminate the account in question,
they certainly can’t expose any customer data to you.
In the US, they aren't under
> On Jun 13, 2016, at 12:14 AM, Benoit Panizzon wrote:
>
> Hi Laura
>
>> Again, were you approaching this as an individual or was your lawyer
>> involved?
>
> There is no need to involve a lawyer.
There is if you’re asking a company to release customer information to
lt;ml-mailop...@elcsplace.com>, mailop@mailop.org
Verzonden: Zaterdag 11 juni 2016 03:11:12
Onderwerp: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws
Keep that one sign-up message.
It's a very small per-user piece of data, and it would certainly be proof
enough and to spare for me
Now you’re arguing legal contracts here - that vendor has a legal contract with
whoever this spammer is. While they can terminate the account in question,
they certainly can’t expose any customer data to you.
You could of course contact local law enforcement and have them subpoena the
data.
Hi Laura
> Again, were you approaching this as an individual or was your lawyer
> involved?
There is no need to involve a lawyer.
You don't need one. You contact the sender and request the proof of
opt-in. If he does not comply, you file a complaint with the SECO (or
you could try to fill one
Hi Tim
> Rule #1: Spammers lie. What sort of "proof of opt-in" could they
> provide that can't be forged? Also, it does not follow from that
> requirement that senders must be "identifiable." That may be a
> separate legal requirement, but it doesn't logically follow from the
> opt-in proof
>> And why pull the public one if you do?
>
>That's how you invalidate the old key, mitigating the stolen key problem.
>The point of cycling keys is to invalidate old ones.
Also, by design, DKIM is intended for validating mail in transit, not
long term archives. For that we have S/MIME and PGP.
Why rotate keys that often?
And why pull the public one if you do?
Brandon
On Jun 10, 2016 3:59 PM, "Ted Cooper" wrote:
> On 11/06/16 05:02, Michael Wise via mailop wrote:
> > Well, the From: domain would be a good start.
> >
> > It would certainly cut down on the
--Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Ted Cooper
Sent: Friday, June 10, 2016 5:17 PM
To: mailop@mailop.org
Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws
On 11/06/16 09:29, Michael Wise via mailop wrote:
>
> ... when the
On 11/06/16 09:29, Michael Wise via mailop wrote:
>
> ... when the server receives it, it gets authenticated.
> Or did you forget this?
That doesn't help when attempting to provide "proof" of signup at some
future date - it will simply be a message with a DKIM sig that can no
longer be
ailop-boun...@mailop.org] On Behalf Of Ted Cooper
Sent: Friday, June 10, 2016 3:53 PM
To: mailop@mailop.org
Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws
On 11/06/16 05:02, Michael Wise via mailop wrote:
> Well, the From: domain would be a good start.
>
> It would
On 11/06/16 05:02, Michael Wise via mailop wrote:
> Well, the From: domain would be a good start.
>
> It would certainly cut down on the trivial forgeries, and could easily
> be transferred from the web to email with a single mailto: link.
Any signed DKIM message can only be authenticated while
uot; | Got the Junk Mail Reporting
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tim Starr
Sent: Friday, June 10, 2016 11:55 AM
To: mailop@mailop.org
Subject: Re: [mailop] Mailchimp / Mandrill App: European VS
im Starr
> *Sent:* Friday, June 10, 2016 11:14 AM
> *To:* mailop@mailop.org
> *Subject:* Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy
> Laws
>
>
>
> Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide
> that can't be forged? Also,
ailop] Mailchimp / Mandrill App: European VS US Privacy Laws
Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide that
can't be forged? Also, it does not follow from that requirement that senders
must be "identifiable." That may be a separate legal requireme
Benoit Panizzon wrote:
So the Mailchimp Abuse Desk was asked, with reference to the according
legal articles and proof that the email was sent by their customer, to
please disclose the identity of the customer sending those emails.
Mailchimp always answers, that they are a US company and are
> On Jun 10, 2016, at 10:30 AM, John Levine wrote:
>
>> With regard to Mailchimp, as a non-customer observer it seems to me that
>> pre-Mandrill was excellent, post-Mandrill not as much.
>
> Mandrill is automated, which makes vetting the customers a lot harder.
>
> They are
Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide
that can't be forged? Also, it does not follow from that requirement that
senders must be "identifiable." That may be a separate legal requirement,
but it doesn't logically follow from the opt-in proof requirement.
I also do
> On Jun 10, 2016, at 10:30 AM, John Levine wrote:
>
>> With regard to Mailchimp, as a non-customer observer it seems to me that
>> pre-Mandrill was excellent, post-Mandrill not as much.
>
> Mandrill is automated, which makes vetting the customers a lot harder.
>
> They are
>
> International law? There's no international spam law. I know people
> who spend full time trying to piece together spam cases using whatever
> law applies in whatever places bits of the spamming happens.
>
> As others have noted, US companies are not subject to Swiss law, just
> as Swiss
>I agree. But that doesn't mean he can't get a satisfactory answer about the
>international law aspect. And by satisfactory I
>mean one that makes sense, not necessarily one that he is going to like. ;-)
International law? There's no international spam law. I know people
who spend full time
>With regard to Mailchimp, as a non-customer observer it seems to me that
>pre-Mandrill was excellent, post-Mandrill not as much.
Mandrill is automated, which makes vetting the customers a lot harder.
They are painfully aware of that, not sure what they're currently
doing about it.
On 6/10/16 8:31 AM, Suresh Ramasubramanian wrote:
I would guess they're happy to can their customer but they are refusing to tell
Benoit who the customer is. Which sounds fair to me.
May be fair, may be not depending on the proactive/reactive weight.
In other words, weight given to
> Venturing an opinion on how much jurisdiction a law enforcement or regulatory
> Organization is prepared to assert in a cross border scenario isn't going to
> fly too far
>
> Did you try to identify the spammer with a dummy purchase If he is doing
> something illegal?
>
> --srs
>
>> On
Venturing an opinion on how much jurisdiction a law enforcement or regulatory
Organization is prepared to assert in a cross border scenario isn't going to
fly too far
Did you try to identify the spammer with a dummy purchase If he is doing
something illegal?
--srs
> On 10-Jun-2016, at 9:09
I would guess they're happy to can their customer but they are refusing to tell
Benoit who the customer is. Which sounds fair to me.
--srs
> On 10-Jun-2016, at 8:44 PM, Anne Mitchell wrote:
>
> Benoit, please contact me offlist, and I will see about getting you to the
>
> On Jun 10, 2016, at 1:09 AM, Benoit Panizzon wrote:
>
> I have seen similar cases on many occasions.
>
> But what disturbed me most here, is the lack of legal cooperation from
> mailchimp. It was obvious, that the sender was located in either
> Switzerland or italy.
Hi Matthias
> > Therefore, the sender must be identifiable. If the sender is not
> > identifiable, the ISP of the sender must provide the identity of the
> > sender.
>
> On what legal theory is this based on?
I am not a lawyer, but in my job I had some contacts with OFCOM, SECO,
Benoit,
> Therefore, the sender must be identifiable. If the sender is not
> identifiable, the ISP of the sender must provide the identity of the
> sender.
On what legal theory is this based on?
> Art. 8 Right to information
>
Hi Suresh
> As I doubt that mailchimp operates under Swiss jurisdiction- and they
> probably have a customer contract that stipulates US jurisdiction ..
> you'd have to rely on them suspending the spammer.
I am aware of that. But the way mailchimp operates now, is as a spamer
heaven.
I don't
Hi Suresh
> They aren’t under any obligation to reveal customer identity to you
> and would potentially face legal liability for doing so.
This is exactly the problem.
Privacy Laws in Switzerland (and most other countires I know) states,
that the sender must provide proof of opt-in.
Therefore,
There seems to be a miscommunication - I personally have seen Mailchimp /
Mandrill suspend a large number of spamming customers.
However your request - which asks to identify a customer - would probably get
routed to the legal department rather than a competent abuse team and that
might
Hi List
I wonder how other Email Ops, especially in Europe, handle Mailchimp and
Mandrill App.
They are a constant issue with the Swinog Blacklists.
The problem boils down with differences in the privacy laws of US vs EU.
In Switzerland (and probably most EU countries too), a company who
sends
38 matches
Mail list logo