<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Another sad proof of why the industry can't handle the UCE issue

  • To: Dave Wilson < >
  • From: Paul Wouters < >
  • Date: Fri, 22 Oct 1999 13:54:48 +0200 (MET DST)

On Fri, 22 Oct 1999, Dave Wilson wrote:

> > Exceptions to opt-out are a fundamental issue to that structure working at all
> 
> ... but "you can never mail me, ever" sets some uncomfortable precedents
> of its own.

Actually, it' very comfortable. If you do as that user told you when it chose
the opt-out. It would in fact be an excellent reason to entice people to opt-in.
"Sorry, but you choose the opt-out, don't blame us now".

> e.g.1: As an academic ISP, I insist on having contact emails for my
> customers; I insist on being allowed to contact them individually or
> en masse with serious network issues.

This is a fairly direct contact. You know your customer. Most UCE is sent
by indirect contact or address harvesting with no prior contact at all.
Example 1 is not an issue. First, you will dictate that to become a client or
user, you must provide an email address for network-issues. Second, as long
as you don't announce outages every day, they won't consider this spam.
(and in the latter, they will be too busy to complain about the outages to worry 
about spam :)

> e.g.2: A while ago an important FTP server was hacked (can't remember
> which) and in the day or so it was compromised several dozen people
> downloaded a backdoored version of the software there. The maintainer
> contacted the people who left their email addresses to let them know
> what happened - and, unbelievably, got spam complaints.

(I guess you mean wintue). Well, that is plain silly. Perhaps a clearer
notification of the option "supply email as password" is needed in some ftp
clients. Perhaps these were automated spam detectors, and the mail got sent
in a way that identified it as spam (eg bcc:ed list)?

> It is very uncomfortable for a service provider or a software distributor
> to have a list of people who they *know* are using a faulty product, and
> know that contacting them will save an awful lot of headaches and damage,
> and still not be sure about using their address because the individual
> clicked on the "don't spam me" box.

Two ways out. One is to not insist on people leaving their email address if they
don't want to be contacted anyway. In that case you rid yourself of guilt, because
you can't contact them even if you felt it neccessary. the second is, as has been
stated before, to differentiate better and make several classes of email of
which people can select opt-ou, one of them being emergency security announcements.
On the topic of Microsoft, they release new versions of their OS on every new batch of CD', 
and you need to be a skilled computer user to even see what version you have
(win95 a,b,osr2, 98, 98 2nd release, upd1 for word, upd2 for word etc)
Microsoft doesn't give a damn that many win95a users are still using Internet Explorer 0.1
In this case, it is clearly used as excuse by marketing people. The reason I didn't make this
point earlier is that it requires knowledge outside the email to decide this issue. One should never
base the decision of a certain email being UCE or not on content. Because then you're censoring.
Rejection of email should be based on distribution issues, not on content.

> I like things the way they are now, for this issue at least. Each company
> should be allowed to use its discretion on what constitutes a serious
> customer matter. If they abuse that, or if marketingspeak is allowed creep
> into their "important security announcements", they'll be RBLed in no
> time flat.
 
But it's not a solution. It is a better then nothing approach. As carrier, I don't want to
need to consider what is marketingspeak and what is not. Also, the RBL isn' guarenteed
survival. If enough companies decide to ignore being blacklisted, it will become harder for ISP's
to honour the blocking. I'd have a hard time justifying a block of microsoft.com or apple.com
to my customers. Unless it is backed by a policie or code of conduct, and I can be sure that my
clients will have the same restriction at my competitor.

Paul
-- 

"It's all Quantum"
                         --- Terry Pratchett, Pyramids





  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>