Signed by whom? First off, this would require that sign-ups be transferred from web to email. Secondly, I can see how it could easily be forged. All I'd have to do is set up a mail server to send DKIM-signed email for each "opt-in" request, each with a different DKIM domain out of a set of pre-registered rotating domains. Bingo! "proof" of opt-in. Spammers have been doing this for years w/ IP-based date/time/IP-formatted opt-in proof requests.
-Tim On Fri, Jun 10, 2016 at 12:32 PM, Michael Wise <michael.w...@microsoft.com> wrote: > A DKIM-signed submission request? > > With IP, time stamp, and such like would be pretty undeniable intent to > subscribe, IMHO. > > Or provide plenty of fodder for the sysadmin of the domain in question to > track down the imposter. > > > > Aloha, > > Michael. > > -- > > *Michael J Wise* | Microsoft | Spam Analysis | "Your Spam Specimen Has > Been Processed." | Got the Junk Mail Reporting Tool > <http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? > > > > *From:* mailop [mailto:mailop-boun...@mailop.org] *On Behalf Of *Tim Starr > *Sent:* Friday, June 10, 2016 11:14 AM > *To:* mailop@mailop.org > *Subject:* Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy > Laws > > > > Rule #1: Spammers lie. What sort of "proof of opt-in" could they provide > that can't be forged? Also, it does not follow from that requirement that > senders must be "identifiable." That may be a separate legal requirement, > but it doesn't logically follow from the opt-in proof requirement. > > > > I also do not see how this matters when it comes to blacklist operations. > "Tell me who your customer is so legal action can be taken against them" is > what the law you cite seems to amount to. You are perfectly to block or > blocklist anyone you want no matter what the law says. > > > > Tim Starr > > > > On Fri, Jun 10, 2016 at 2:50 AM, Benoit Panizzon <benoit.paniz...@imp.ch> > wrote: > > Hi Suresh > > > They aren’t under any obligation to reveal customer identity to you > > and would potentially face legal liability for doing so. > > This is exactly the problem. > > Privacy Laws in Switzerland (and most other countires I know) states, > that the sender must provide proof of opt-in. > > Therefore, the sender must be identifiable. If the sender is not > identifiable, the ISP of the sender must provide the identity of the > sender. > > So an ISP does not face any legal liability on providing the identity > of the sender as this is a legal requirement and the ISP acts according > the law. > > There are court cases confirming this procedure. > > If this procedure and priority of privacy requirements is not observed, > a spamer can never be prosecuted or blocked. The spamer can just > pretend, that all his addresses are opt-in and that he acts legally but > never has to prove it. Therefore Mailchimp cannot block him, or he can > request to be unblocked because he claims towards mailchimp, that the > spam reports are wrong and he has proof of opt-in from the recipients, > which he never has to show anyone. > > The spamer could probably even prosecute mailchimp for blocking him or > canceling his services. > > The users of our Blacklist request that we block mailchimp for not > respecting privacy laws and not providing the legal identity of the > spamers so they can provide a proof of opt-in or be made liable for not > respecting the mass advertising law. > > So, do you have any suggestions on how to solve this issue? > > Legal References: > > Art. 8 Right to information > https://www.admin.ch/opc/en/classified-compilation/19920153/index.html#a8 > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.admin.ch%2fopc%2fen%2fclassified-compilation%2f19920153%2findex.html%23a8&data=01%7c01%7cmichael.wise%40microsoft.com%7c48b91e0665e546c77d9d08d3915bba9f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ZpGFu3qWItPwow8WXAZu4rPhu7VSH%2foL4GqMOoqxzbU%3d> > > Art. 82 Communication of data to identify nuisance calls and unfair > mass advertising > https://www.admin.ch/opc/en/classified-compilation/20063267/index.html#a82 > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.admin.ch%2fopc%2fen%2fclassified-compilation%2f20063267%2findex.html%23a82&data=01%7c01%7cmichael.wise%40microsoft.com%7c48b91e0665e546c77d9d08d3915bba9f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=9DONBln1QKev3dAyS2Kq3h64xwH0vdMa5JEr1yDbRqE%3d> > > Bundesgesetz gegen den unlauteren Wettbewerb (unfortunately not > translated by admin.ch > <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fadmin.ch&data=01%7c01%7cmichael.wise%40microsoft.com%7c48b91e0665e546c77d9d08d3915bba9f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=QQrBwhHA%2f9%2bwmi%2fTBVgpOoCtS13CfblYjNFk6XX0%2bZA%3d> > ) > https://www.admin.ch/opc/de/classified-compilation/19860391/index.html > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.admin.ch%2fopc%2fde%2fclassified-compilation%2f19860391%2findex.html&data=01%7c01%7cmichael.wise%40microsoft.com%7c48b91e0665e546c77d9d08d3915bba9f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=w%2btWSiBOIud2wDmjI13WsNIeNJlxYRRoRD7HMiuqpQM%3d> > > -Benoît Panizzon- > -- > I m p r o W a r e A G - Leiter Commerce Kunden > ______________________________________________________ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > CH-4133 Pratteln Fax +41 61 826 93 01 > Schweiz Web http://www.imp.ch > <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.imp.ch&data=01%7c01%7cmichael.wise%40microsoft.com%7c48b91e0665e546c77d9d08d3915bba9f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=s%2bXfm3eTStD0SNnhWCQ%2f%2fhmWskyGIk2K9%2bi9iqEd1wE%3d> > ______________________________________________________ > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c48b91e0665e546c77d9d08d3915bba9f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=0SfoFKj4HjjWx5QFf2aJjM9F7rC2NpIDwiviExiCUjs%3d> > > >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop