Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Eric > So all I need to do to shut down a competitor is sign up for their > mailing list, then issue a complaint to their ESP? It's not that easy :-). If you signed up, your competitor can provide a proof (Time, IP-Address, received verification email) you signed up to you and the ESP. So you

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Jay > ESP to victim: That mail was sent on behalf of ABC Company, and you > can contact them [here]. We don't tolerate spammers, and our customer > contracts require openness so these issues can be resolved. Attached > is a PDF of their signed statement where they certify that they have >

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Laura > > There is no need to involve a lawyer. > > There is if you’re asking a company to release customer information > to you. Which is what your request of Mailchimp is. Could you please provide legal background to your statement? I have been in contact with the legal advisers of OFCOM

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

] Mailchimp / Mandrill App: European VS US Privacy Laws > On Jun 13, 2016, at 9:59 AM, Jay Hennigan <mailop-l...@keycodes.com> wrote: > > On 6/13/16 12:45 AM, Suresh Ramasubramanian wrote: >> Now you’re arguing legal contracts here - that vendor has a legal contract >>

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> On Jun 13, 2016, at 9:59 AM, Jay Hennigan wrote: > > On 6/13/16 12:45 AM, Suresh Ramasubramanian wrote: >> Now you’re arguing legal contracts here - that vendor has a legal contract >> with whoever this spammer is. While they can terminate the account in >>

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

On 6/13/16 12:45 AM, Suresh Ramasubramanian wrote: Now you’re arguing legal contracts here - that vendor has a legal contract with whoever this spammer is. While they can terminate the account in question, they certainly can’t expose any customer data to you. In the US, they aren't under

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> On Jun 13, 2016, at 12:14 AM, Benoit Panizzon wrote: > > Hi Laura > >> Again, were you approaching this as an individual or was your lawyer >> involved? > > There is no need to involve a lawyer. There is if you’re asking a company to release customer information to

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

lt;ml-mailop...@elcsplace.com>, mailop@mailop.org Verzonden: Zaterdag 11 juni 2016 03:11:12 Onderwerp: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws Keep that one sign-up message. It's a very small per-user piece of data, and it would certainly be proof enough and to spare for me

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Now you’re arguing legal contracts here - that vendor has a legal contract with whoever this spammer is. While they can terminate the account in question, they certainly can’t expose any customer data to you. You could of course contact local law enforcement and have them subpoena the data.

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Laura > Again, were you approaching this as an individual or was your lawyer > involved? There is no need to involve a lawyer. You don't need one. You contact the sender and request the proof of opt-in. If he does not comply, you file a complaint with the SECO (or you could try to fill one

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Tim > Rule #1: Spammers lie. What sort of "proof of opt-in" could they > provide that can't be forged? Also, it does not follow from that > requirement that senders must be "identifiable." That may be a > separate legal requirement, but it doesn't logically follow from the > opt-in proof

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

>> And why pull the public one if you do? > >That's how you invalidate the old key, mitigating the stolen key problem. >The point of cycling keys is to invalidate old ones. Also, by design, DKIM is intended for validating mail in transit, not long term archives. For that we have S/MIME and PGP.

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Why rotate keys that often? And why pull the public one if you do? Brandon On Jun 10, 2016 3:59 PM, "Ted Cooper" wrote: > On 11/06/16 05:02, Michael Wise via mailop wrote: > > Well, the From: domain would be a good start. > > > > It would certainly cut down on the

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

--Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Ted Cooper Sent: Friday, June 10, 2016 5:17 PM To: mailop@mailop.org Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws On 11/06/16 09:29, Michael Wise via mailop wrote: > > ... when the

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

On 11/06/16 09:29, Michael Wise via mailop wrote: > > ... when the server receives it, it gets authenticated. > Or did you forget this? That doesn't help when attempting to provide "proof" of signup at some future date - it will simply be a message with a DKIM sig that can no longer be

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

ailop-boun...@mailop.org] On Behalf Of Ted Cooper Sent: Friday, June 10, 2016 3:53 PM To: mailop@mailop.org Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws On 11/06/16 05:02, Michael Wise via mailop wrote: > Well, the From: domain would be a good start. > > It would

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

On 11/06/16 05:02, Michael Wise via mailop wrote: > Well, the From: domain would be a good start. > > It would certainly cut down on the trivial forgeries, and could easily > be transferred from the web to email with a single mailto: link. Any signed DKIM message can only be authenticated while

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

uot; | Got the Junk Mail Reporting Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tim Starr Sent: Friday, June 10, 2016 11:55 AM To: mailop@mailop.org Subject: Re: [mailop] Mailchimp / Mandrill App: European VS

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

im Starr > *Sent:* Friday, June 10, 2016 11:14 AM > *To:* mailop@mailop.org > *Subject:* Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy > Laws > > > > Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide > that can't be forged? Also,

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

ailop] Mailchimp / Mandrill App: European VS US Privacy Laws Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide that can't be forged? Also, it does not follow from that requirement that senders must be "identifiable." That may be a separate legal requireme

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Benoit Panizzon wrote: So the Mailchimp Abuse Desk was asked, with reference to the according legal articles and proof that the email was sent by their customer, to please disclose the identity of the customer sending those emails. Mailchimp always answers, that they are a US company and are

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> On Jun 10, 2016, at 10:30 AM, John Levine wrote: > >> With regard to Mailchimp, as a non-customer observer it seems to me that >> pre-Mandrill was excellent, post-Mandrill not as much. > > Mandrill is automated, which makes vetting the customers a lot harder. > > They are

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide that can't be forged? Also, it does not follow from that requirement that senders must be "identifiable." That may be a separate legal requirement, but it doesn't logically follow from the opt-in proof requirement. I also do

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> On Jun 10, 2016, at 10:30 AM, John Levine wrote: > >> With regard to Mailchimp, as a non-customer observer it seems to me that >> pre-Mandrill was excellent, post-Mandrill not as much. > > Mandrill is automated, which makes vetting the customers a lot harder. > > They are

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> > International law? There's no international spam law. I know people > who spend full time trying to piece together spam cases using whatever > law applies in whatever places bits of the spamming happens. > > As others have noted, US companies are not subject to Swiss law, just > as Swiss

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

>I agree. But that doesn't mean he can't get a satisfactory answer about the >international law aspect. And by satisfactory I >mean one that makes sense, not necessarily one that he is going to like. ;-) International law? There's no international spam law. I know people who spend full time

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

>With regard to Mailchimp, as a non-customer observer it seems to me that >pre-Mandrill was excellent, post-Mandrill not as much. Mandrill is automated, which makes vetting the customers a lot harder. They are painfully aware of that, not sure what they're currently doing about it.

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

On 6/10/16 8:31 AM, Suresh Ramasubramanian wrote: I would guess they're happy to can their customer but they are refusing to tell Benoit who the customer is. Which sounds fair to me. May be fair, may be not depending on the proactive/reactive weight. In other words, weight given to

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> Venturing an opinion on how much jurisdiction a law enforcement or regulatory > Organization is prepared to assert in a cross border scenario isn't going to > fly too far > > Did you try to identify the spammer with a dummy purchase If he is doing > something illegal? > > --srs > >> On

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Venturing an opinion on how much jurisdiction a law enforcement or regulatory Organization is prepared to assert in a cross border scenario isn't going to fly too far Did you try to identify the spammer with a dummy purchase If he is doing something illegal? --srs > On 10-Jun-2016, at 9:09

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

I would guess they're happy to can their customer but they are refusing to tell Benoit who the customer is. Which sounds fair to me. --srs > On 10-Jun-2016, at 8:44 PM, Anne Mitchell wrote: > > Benoit, please contact me offlist, and I will see about getting you to the >

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

> On Jun 10, 2016, at 1:09 AM, Benoit Panizzon wrote: > > I have seen similar cases on many occasions. > > But what disturbed me most here, is the lack of legal cooperation from > mailchimp. It was obvious, that the sender was located in either > Switzerland or italy.

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Matthias > > Therefore, the sender must be identifiable. If the sender is not > > identifiable, the ISP of the sender must provide the identity of the > > sender. > > On what legal theory is this based on? I am not a lawyer, but in my job I had some contacts with OFCOM, SECO,

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Benoit, > Therefore, the sender must be identifiable. If the sender is not > identifiable, the ISP of the sender must provide the identity of the > sender. On what legal theory is this based on? > Art. 8 Right to information >

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Suresh > As I doubt that mailchimp operates under Swiss jurisdiction- and they > probably have a customer contract that stipulates US jurisdiction .. > you'd have to rely on them suspending the spammer. I am aware of that. But the way mailchimp operates now, is as a spamer heaven. I don't

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi Suresh > They aren’t under any obligation to reveal customer identity to you > and would potentially face legal liability for doing so. This is exactly the problem. Privacy Laws in Switzerland (and most other countires I know) states, that the sender must provide proof of opt-in. Therefore,

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

There seems to be a miscommunication - I personally have seen Mailchimp / Mandrill suspend a large number of spamming customers. However your request - which asks to identify a customer - would probably get routed to the legal department rather than a competent abuse team and that might

[mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Hi List I wonder how other Email Ops, especially in Europe, handle Mailchimp and Mandrill App. They are a constant issue with the Swinog Blacklists. The problem boils down with differences in the privacy laws of US vs EU. In Switzerland (and probably most EU countries too), a company who sends