Re: Proposed EU Directive on Electronic Commerce
- Date: Fri, 15 Jan 1999 13:02:41 +0000
> > Sure enough, adding "UCE" to a Subject: line is a lot
> > easier and works with all user mailers. However, it's
> > *not* up to ISP's to filter on Subject: lines!
[snip]
> I believe this is less of a problem than you make out. If `"UCE" in
> the subject line' were adopted as a standard, then I'm sure we'd see
> the popular mailers not only having the option to filter on that
> standard, but also generating warnings to prevent users accidentally
> sending mail that could be interpreted as UCE.
Adding meaning to the Subject: line like this is a dangerous thing to do, and
unnecessary when we have an X-Header: system which would do the job more
cleanly.
The problem would not be the 99.9pc of mail and the 98pc of people who are
unaffected. The problem will be the conversations on Spruce trees that one or
two over-zealous ISPs will inevitably direct to /dev/null.
A small few over-zealous filters are already causing problems at present
(examples: rejection of MAIL FROM: <>, rejection of 3rd-level subdomains with
no A record despite existence of an MX record). Despite the fact that the ISPs
involved are violating RFCs, in my experience it has been much easier to
simply kludge a solution locally than to convince the remote ISP of their
error.
If the only reason to filter on Subject lines is to allow end users to spam
using their regular mail program, I would suggest that we should *discourage*
users from using their Outlooks and Eudoras to send bulk mail. Rather, they
should be directed to efficient, dedicated tools and methods (and while
they're about it, a page on how not to repeat the mistakes of the past).
The rules should remove leave as little room for doubt as possible; quite
enough is introduced by Real Life anyway.
> > Second, the EC Directive by definition applies only to
> > the EC [Member States]. But reality is that the vast
> > majority of the spam comes from the USA, and users out
> > there are in no way bound to some EC Directive.
>
> There's plenty of scope for people to agree a common standard, if the
> will is there...
All the above said, the single most important issue is for a *common* standard
to be reached. Having to implement N filters, where N is the number of
countries or states that have set down laws to date, leaves us with all of the
unreliability and none of the convenience.
The directive that was quoted only seems to require EU states to pick a method
of identification, not to actually agree on one.
> > Third, spammers hide themselves and cover their tracks.
> > No EC Directive is going to change that.
Sensible legal controls on UCE that require identification will pave the way
for us to attack problem #2: hit and run spammers.
> I don't understand why you think that a user wouldn't be allowed to
> instruct their ISP not to deliver messages matching a certain pattern
> to them - why should the fact that it is legal to send a message
> compel someone to receive it?
This area is fraught with difficulties. Any legal approaches will have to be
thought through *very* carefully for their real-life effects.
It is possible that an ISP may be considered in violation of its own terms of
service if it selectively fails to deliver mail to a recipient. And yet, the
directive that George posted only requires mail to be visible as spam when it
reaches the *recipient*. The directive does not require laws to recognise the
role of the ISP in filtering spam.
I am inclined to believe, personally, that the directive is based upon
reducing the nuisance to the user, but not the threat to the ISP. As Chapter 1
of the O'Reilly book on Spam says, You Can't Just Click "Delete".
Regards,
Dave