>When we look at the SMTP session we MUST NOT log anything that leads back to
>the real person or lets us track the person down. If we log we use hashes to
>destroy a trackable connection.
* Matus UHLAR - fantomas <uh...@fantomas.sk>:
I thought that the EU requires providers to log the sender and
recipient... so you log their hashes instead of e-mail addresses?
On 23.08.11 17:10, Patrick Ben Koetter wrote:
DISCLAIMER: I AM NOT A LAWYER. THIS IS NOT LEGAL ADVICE. So don't sue me for
talking about laws without being a lawyer ...
ok
To my knowledge the whole field of data retention is a moving target. IIRC
ISPs are required to keep log data for a given period, but they must not keep
deep traces without reason. Reason would be a federal inquiry that orders you
to log everything from the connection until disconnect.
well, is logging of from and to addresses a deep trace?
In general, in Germany, we must not collect any data unless there is a reason.
If we start collecting data for statistics we break that principle. To get
around that we destroy the backward link to an identity
Being able to tell customer that if/when their mail was delivered, or
why it was rejected, is not a valid reason?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.
