Hello David On 2004-12-04 David Schmitt wrote: > Has anyone considered how greylisting should be viewed in the light of > european data-protection laws? Especially in Austria it would probably > conflict with the requirement to keep connectiondata no longer than > required for billing.
"I am not a lawer", but according to German law, which should be very simillar, I see no problem. "Teledienstedatenschutzgesetz" says rougly translated in §6 (Usage Date): 1) the provider may collect/use/compute personal data without explicit agreement only in so far as it is neccessary to make the tele services available and billable... 6) the provider may store usage data ... at most until the end of the sixth month after sending the bill... So I would assume storing the greylist-triple it's neccessary (->1) for greylistd which is part of "the mail server". You need to collect the greylist tripels only until the mail has been received for the second and final time. Until then it's the same problem as with all those "relay denied" or "[EMAIL PROTECTED] user unknown" log messages that are all over the log file, which gets rotated away much sooner anyway. More problematic could be the fact that you delay the mail, maybe you have postal requirements that demands from you to deliver the mail as fast as you get it... at least you should tell your customers that their mails can be delayed for the price of (currently) much less spam. bye, -christian-
