Re: Email filtering theory and the definition of spam
On 20180208 07:23, David Jones wrote: On 02/07/2018 06:28 PM, Dave Warren wrote: On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote: Technically, you asked for the email and they have a valid opt-out process that will stop sending you email. Yes, the site has scummy practices but that is not spam by my definition. Yes, under EU/UK that counts as spam because the regulations say that the signer-upper must explicitly choose to receive e-mail from the site, and by-default sign-in doesn't count as 'informed sign-in'. Canadian law is the same, this is absolutely spam without any ambiguity. But how can you tell the difference based on content then? You can't. Two different senders could send the exact same email and one could be spam from tricking the recipient to opt-in and another could be ham the recipient consciously opted into. This would have to be blocked or allowed based on reputation. One would train the message as spam in their Bayes database and allow trusted senders via something like a domain whitelist, URI whitelist, or a whitelist_auth entry. We are back to needing a curated WL based on something like DKIM. Alex just made me aware of http://dkimwl.org/ which looks brilliant. Exactly lines up with how I filter and what I have been wanted to do for a couple of years now. A community-driven clearing house for trusted senders. If this is done as well as the bozos who block Earthlink then it will be largely useless. Who supervises the volunteers to keep them from being lazy, careless, or politically biased? {^_^}
Re: Email filtering theory and the definition of spam
On Thu, 2018-02-08 at 09:23 -0600, David Jones wrote: > On 02/07/2018 06:28 PM, Dave Warren wrote: > > On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote: > > > > Technically, you asked for the email and they have a valid opt- > > > > out > > > > process that will stop sending you email. Yes, the site has > > > > scummy > > > > practices but that is not spam by my definition. > > > > > > > > > > Yes, under EU/UK that counts as spam because the regulations say > > > that > > > the signer-upper must explicitly choose to receive e-mail from > > > the > > > site, and by-default sign-in doesn't count as 'informed sign-in'. > > > > Canadian law is the same, this is absolutely spam without any > > ambiguity. > > > > But how can you tell the difference based on content then? You > can't. Two different senders could send the exact same email and one > could be spam from tricking the recipient to opt-in and another could > be ham the recipient consciously opted into. > You can't, but that should not matter because the recipient can sign in and cancel the opt-in. If this doesn't work then, in the UK, you can report them to the ICO which should get the company reprimanded and, for a repeat offender, may get them a fine. Under the new privacy rules, which apply from May, non-compliance may get them a fairly heavy smack round the chops, so I think its likely that legit companys will clean up their act. OTOH waking up the ICO may not work if, like the automated cold callers, the spamming company dodges the fine by declaring bankruptcy before reappearing under another name and going on spamming. There's another related point which may not have sunk in yet: because of the way the new privacy regime will work, you must be able to tell any company where you have an account, that you no longer need it and that they must cancel the account and delete your details as soon as any outstanding activities, bills, etc. have been completed. I notice that there are still a lot of websites that do not provide any way of cancelling an account, so this is something they'll have to provide sooner rather than later. Martin
Re: Email filtering theory and the definition of spam
Hi All, dkimwl.org is a site owned and run by myself. A little bit of work is required to get the TOU sorted - I'd floated the idea some time ago but not much interest was seen so I stopped work on the front end services. The backend and classification/voting system is in place and should work without too much hassle. If people are looking at this as a wanted service I can definitely spend some time updating and cleaning up the last bits that need fixing. Thanks for the heads up re: SSL Please feel free to get in touch if you want to share ideas / help Paul On 08/02/2018, 16:09, "Tom Hendrikx" wrote: On 08-02-18 16:33, Giovanni Bechis wrote: > On 02/08/18 16:23, David Jones wrote: >> On 02/07/2018 06:28 PM, Dave Warren wrote: >>> On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote: > Technically, you asked for the email and they have a valid opt-out > process that will stop sending you email. Yes, the site has scummy > practices but that is not spam by my definition. > Yes, under EU/UK that counts as spam because the regulations say that the signer-upper must explicitly choose to receive e-mail from the site, and by-default sign-in doesn't count as 'informed sign-in'. >>> >>> Canadian law is the same, this is absolutely spam without any ambiguity. >>> >> >> But how can you tell the difference based on content then? You can't. Two different senders could send the exact same email and one could be spam from tricking the recipient to opt-in and another could be ham the recipient consciously opted into. >> >> This would have to be blocked or allowed based on reputation. One would train the message as spam in their Bayes database and allow trusted senders via something like a domain whitelist, URI whitelist, or a whitelist_auth entry. >> >> We are back to needing a curated WL based on something like DKIM. Alex just made me aware of http://dkimwl.org/ which looks brilliant. Exactly lines up with how I filter and what I have been wanted to do for a couple of years now. A community-driven clearing house for trusted senders. >> > dkimwl.org looks promising, but tell them their https cert has expired. > Giovanni > Also, they refer to the TOU for acceptable usage, but both /terms and /license have a 404. Kind regards, Tom -- Paul Stead Senior Engineer (Tools & Technology) Zen Internet Direct: 01706 902018 Web: zen.co.uk Winner of 'Services Company of the Year' at the UK IT Industry Awards This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. Zen Internet Limited may monitor email traffic data to manage billing, to handle customer enquiries and for the prevention and detection of fraud. We may also monitor the content of emails sent to and/or from Zen Internet Limited for the purposes of security, staff training and to monitor quality of service. Zen Internet Limited is registered in England and Wales, Sandbrook Park, Sandbrook Way, Rochdale, OL11 1RY Company No. 03101568 VAT Reg No. 686 0495 01
Re: Email filtering theory and the definition of spam
On 08-02-18 16:33, Giovanni Bechis wrote: > On 02/08/18 16:23, David Jones wrote: >> On 02/07/2018 06:28 PM, Dave Warren wrote: >>> On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote: > Technically, you asked for the email and they have a valid opt-out > process that will stop sending you email. Yes, the site has scummy > practices but that is not spam by my definition. > Yes, under EU/UK that counts as spam because the regulations say that the signer-upper must explicitly choose to receive e-mail from the site, and by-default sign-in doesn't count as 'informed sign-in'. >>> >>> Canadian law is the same, this is absolutely spam without any ambiguity. >>> >> >> But how can you tell the difference based on content then? You can't. Two >> different senders could send the exact same email and one could be spam from >> tricking the recipient to opt-in and another could be ham the recipient >> consciously opted into. >> >> This would have to be blocked or allowed based on reputation. One would >> train the message as spam in their Bayes database and allow trusted senders >> via something like a domain whitelist, URI whitelist, or a whitelist_auth >> entry. >> >> We are back to needing a curated WL based on something like DKIM. Alex just >> made me aware of http://dkimwl.org/ which looks brilliant. Exactly lines up >> with how I filter and what I have been wanted to do for a couple of years >> now. A community-driven clearing house for trusted senders. >> > dkimwl.org looks promising, but tell them their https cert has expired. > Giovanni > Also, they refer to the TOU for acceptable usage, but both /terms and /license have a 404. Kind regards, Tom signature.asc Description: OpenPGP digital signature
Re: Email filtering theory and the definition of spam
On 02/08/18 16:23, David Jones wrote: > On 02/07/2018 06:28 PM, Dave Warren wrote: >> On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote: Technically, you asked for the email and they have a valid opt-out process that will stop sending you email. Yes, the site has scummy practices but that is not spam by my definition. >>> Yes, under EU/UK that counts as spam because the regulations say that >>> the signer-upper must explicitly choose to receive e-mail from the >>> site, and by-default sign-in doesn't count as 'informed sign-in'. >> >> Canadian law is the same, this is absolutely spam without any ambiguity. >> > > But how can you tell the difference based on content then? You can't. Two > different senders could send the exact same email and one could be spam from > tricking the recipient to opt-in and another could be ham the recipient > consciously opted into. > > This would have to be blocked or allowed based on reputation. One would > train the message as spam in their Bayes database and allow trusted senders > via something like a domain whitelist, URI whitelist, or a whitelist_auth > entry. > > We are back to needing a curated WL based on something like DKIM. Alex just > made me aware of http://dkimwl.org/ which looks brilliant. Exactly lines up > with how I filter and what I have been wanted to do for a couple of years > now. A community-driven clearing house for trusted senders. > dkimwl.org looks promising, but tell them their https cert has expired. Giovanni
Re: Email filtering theory and the definition of spam
On 02/07/2018 06:28 PM, Dave Warren wrote: On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote: Technically, you asked for the email and they have a valid opt-out process that will stop sending you email. Yes, the site has scummy practices but that is not spam by my definition. Yes, under EU/UK that counts as spam because the regulations say that the signer-upper must explicitly choose to receive e-mail from the site, and by-default sign-in doesn't count as 'informed sign-in'. Canadian law is the same, this is absolutely spam without any ambiguity. But how can you tell the difference based on content then? You can't. Two different senders could send the exact same email and one could be spam from tricking the recipient to opt-in and another could be ham the recipient consciously opted into. This would have to be blocked or allowed based on reputation. One would train the message as spam in their Bayes database and allow trusted senders via something like a domain whitelist, URI whitelist, or a whitelist_auth entry. We are back to needing a curated WL based on something like DKIM. Alex just made me aware of http://dkimwl.org/ which looks brilliant. Exactly lines up with how I filter and what I have been wanted to do for a couple of years now. A community-driven clearing house for trusted senders. -- David Jones
Re: Email filtering theory and the definition of spam
On Feb 7, 2018, at 06:17, David Jones wrote: > > Hypothetical question: If you signed up for a new account on a website and > they had a small checkbox that was enabled to receive emails from them and > you didn't see it to uncheck it, when you get an email from them a month > later, is that spam? Yes, because i didn't ask for it. Now, will I blackhole all such emails? Eh, probably not. When I bought a t-shirt and the company sent me marketing emails, I went in and un subbed because, frankly, that was the simplest laziest thing I could do. Now, if I un sub and they send more mail, or tell me it will take 30 days to remove my email, THEN I nuke them. But if it's commercial mail i didn't specifically ask to receive, it's spam. -- This is my signature. There are many like it, but this one is mine.