Re: Proposed EU Directive on Electronic Commerce
- Date: Mon, 18 Jan 1999 19:18:01 +0100 (MET)
On Mon, 18 Jan 1999, Ulf Vedenbrant wrote:
> > Meanwhile: we need to decide among ourselves how we want a spam message to be
> > brought to our attention. I'm open to a combo X-UCE: Yes *plus* Subject:
> > [UCE] ...?
>
> If you put the indication of UCE in the headers inside the mail then
> all MTAs have to parse the message to look for this mark.
> It is a lot more effective to check a tag in the SMTP/ESMTP negotiation...
>
Yeah but "MAIL FROM: uffe@localhost" looks uglier :-)
Seriously, maybe a combination would be best? A header feels more...
secure - It is a part of the mail message and unlikely to get dropped
or modified somewhere in transit, while e.g. the "MAIL FROM" in the
SMTP negotiation doesn't feel as safe from modification somewhere
along the line. But maybe I'm just being paranoid? Also, of course, if
you want e.g. classification of the type of UCE, it'll be difficult to
put that too in the (E)SMTP negotiation.
Changing e.g. the "MAIL FROM" when talking to other mail servers
shouldn't have to mean not using a specific header as well. The question
is what should be mandatory for the originator of a message I guess.
Let's say ISP X hosts an advertiser (I won't say 'spammer' here) with a
dialup account. The advertiser feels compelled to abide by the law so
he puts "X-UCE: Yes" in his email, then connects to ISP X's mail server
and uploads the message, which is addressed to person@localhost. ISP X's
mail server will then parse the message, find out it contains "X-UCE: Yes"
and therefore know it is UCE. The mail server will then connect to
company.com's mailserver and in the negotiation phase tell it that the
message it is about to send is UCE, which means that company.com has
the option of not receiving the mail at all.
Now, let's say ISP X is a spam-friendly ISP that would like to make
things easier for the spammers. They might choose not to say anything
about the message being UCE in the negotiation phase if that isn't
required by law. BUT - would it help them? No... it'd just mean a
little more CPU wasted on company.com's mailserver and their failure
to supply information about the message would be immediately revealed
which means company.com could decide to stop receiving messages from
them at all if they liked. It'd be very easy to put pressure on sites
not bothering to tell receiving (E)SMTP servers if messages are UCE
or not in the negotiation phase.
What do you think about all that? That is, requiring a mail header
by law, and setting a standard of having (E)SMTP servers inform each other
in the negotiation phase when they see the presence of that mail header
or when they themselves have previously been informed in the negotiation
phase.
/Ragnar
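
The scheme discussed in this message, sketched as an added example that is not part of the original post: a relay reads only the message headers for the marker, passes it on in the envelope, and a receiver either refuses announced UCE before the data phase or flags a relay that stayed silent about a marked message. The `UCE` parameter on `MAIL FROM` is hypothetical (no such ESMTP extension is assumed to exist), and the function names and sample messages are constructed for illustration.

```python
from email.parser import HeaderParser

def is_marked_uce(raw_message: str) -> bool:
    """True if the headers carry 'X-UCE: Yes' or a '[UCE]' subject prefix."""
    # HeaderParser stops at the first blank line, so body text is never scanned.
    headers = HeaderParser().parsestr(raw_message)
    flag = (headers.get("X-UCE") or "").strip().lower()
    subject = (headers.get("Subject") or "").strip().upper()
    return flag == "yes" or subject.startswith("[UCE]")

def mail_from_command(sender: str, raw_message: str,
                      upstream_announced: bool = False) -> str:
    """Relay side: pass the marker on in the envelope.

    The trailing ' UCE' parameter is hypothetical, invented for this example.
    """
    uce = upstream_announced or is_marked_uce(raw_message)
    return f"MAIL FROM:<{sender}>" + (" UCE" if uce else "")

def receiver_verdict(announced: bool, raw_message: str, accept_uce: bool) -> str:
    """Receiving side: act on the announcement and catch relays that omit it."""
    if announced:
        # The receiver can decline before any message data is transferred.
        return "accept" if accept_uce else "refuse-before-data"
    if is_marked_uce(raw_message):
        # Header present but the sending relay did not announce it.
        return "flag-relay"
    return "accept"

# Constructed sample messages (not taken from the thread).
MARKED = "From: ads@isp-x.example\nX-UCE: Yes\nSubject: Offer\n\nBuy now.\n"
BODY_ONLY = ("From: a@isp-x.example\nSubject: Re: tags\n\n"
             "X-UCE: Yes is the proposed header.\n")

if __name__ == "__main__":
    print(mail_from_command("ads@isp-x.example", MARKED))
    print(receiver_verdict(False, MARKED, accept_uce=False))
    print(receiver_verdict(False, BODY_ONLY, accept_uce=False))
```

The `BODY_ONLY` sample shows why the check is confined to the header block: a message that merely talks about the marker in its body must not be classified as UCE.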