On 26 Apr 2018, at 16:41 (-0400), L A Walsh wrote:
To my way of thinking, dropping someone else's email,
telling the sender the email is being rejected for having
spam-like characteristics and telling the recipient nothing
seems like it might have legal liability for the for the
user potentially missing vital email.
Not so much, at least not in the US, Canada, or the EU. There are safe
harbor provisions in the relevant laws (e.g. COPPA and CAN-SPAM in the
US) protecting service providers from liability for errors in their good
faith efforts at filtering out harmful material. Beyond that, email end
users typically have a business relationship only with their immediate
service provider to whom they first submit a message, NOT with any
intermediaries between their provider and the ultimate recipient
end-user. Internet email is a loose store-and-forward system. A
message's transport path usually has 3 transactions involved (but often
more) with usually exactly 1 of those being governed by no specific law
or any contract between the parties involved. At that interface, only
courtesy and pragmatic interoperability concerns govern, and it provides
a wall between the parties accountable to the sender and those
accountable to the recipient. NO party involved in normal cross-provider
email transport has obligations to both end users.
It also would seem to violate what used to be a basic expectation of
internet email -- that it is either delivered
to the recipient's inbox OR you'll receive a
non-delivery notification (a "bounce").
How is being told using a standard mechanism during initial submission
that the mail is rejected by a spam filter not the operational
equivalent of a bounce message? That is precisely the mechanism that
would cause an intermediary MTA to construct and send a non-delivery
notification message.
It has ALWAYS been true for the entire existence of SMTP (and of its
relatively new "Message Submission" subset) that the server side of a
SMTP transaction can reject the transaction at any step and that the
client side has the only duty to notify anyone and that it should ONLY
notify the sender, NOT the recipient.
Furthermore, for me, about 20-25% of the email lists I used
to be on have policies to drop subscribers w/o notice if an
email cannot be delivered.
[ examples of how various entities do good, bad, or no notification
elided... ]
I hope some of those who think it was a good practice to
delete a user's email (because they think it is malware)
might rethink that practice.
There is a huge difference between deleting stored delivered mail and
refusing to accept deliver mail.
I didn't realize email was no longer considered unreliable
primarily due to spam scanning.
For the entire history of the Internet, cross-domain email has been an
intrinsically unreliable means of communication. Whoever made you think
otherwise deceived you.
I wonder if that will
happen for USPS letters: getting permanently dropped due
to the envelop having SPAM-like characteristics (like
most bulk mail).
USPS is a government entity with special privileges and duties defined
in law and/or by regulations promulgated to implement the governing law.
They handle every step of delivery from sender to recipient and are
prepaid by every sender to perform end-to-end delivery.
In most of the Internet-heavy world, no email provider has any of those
supporting features of reliability, even within their own home nations.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
