This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/cooperation-wg@ripe.net/
[cooperation-wg] SMTP forwarding in the face of Data Protection Directive
- Previous message (by thread): [cooperation-wg] SMTP forwarding in the face of Data Protection Directive
- Next message (by thread): [cooperation-wg] SMTP forwarding in the face of Data Protection Directive
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Patrik Fältström
patrik at frobbit.se
Wed May 18 22:25:49 CEST 2011
Just a clarifying question...you talk about consent acquired regarding the fact the email address will be processed (i.e. personal data will be processed)? Patrik On 18 maj 2011, at 20.56, Alessandro Vesely wrote: > Hi all, > can a tool for lawfully acquiring a user's consent via the Internet > motivate SMTP operators to modify their procedures in such a way that > spam can be countered more effectively? Let me please expand slightly > on this question, I'll try and be concise. > > It is well known that the Simple Mail Transfer Protocol provides for > replacing the envelope recipient with one or more other email > addresses. This server forwarding is not to be confused with manually > forwarding a message from a client. Mailing lists and newsletters are > operated that way, as well as redirection configured by means of "dot > forward" static files. Since email addresses are personal data, their > processing is covered by Directive 95/46/EC. > > How is the data subject's consent acquired? In response to the Data > Protection Directive, operators should have defined a protocol for > obtaining and keeping proof of the consent. It never happened. In > facts, it is very difficult to introduce new protocols for email --new > protocols for web operations come about much more frequently. > > Evidence that consent has been granted can be provided by the data > subject's mail exchanger (MX, a.k.a. the user's incoming mail server). > It can digitally sign a notification from the data processor. That > way, the user's server becomes aware of a new wanted stream of > messages, and can whitelist it. That is, it can skip anti-spam > checking for those messages. As bulk messages account for a > significant part of legitimate mail, anti-spam measures could then be > significantly strengthened. > > The users' advantage is to have an automatically maintained list of > subscriptions, and a uniform interface to manage them. Currently, > users have to interact with what can be called a "time-distributed > database", in the sense that monthly or yearly they may receive > subscription reminders... > > The obvious shortcoming of this idea is that mail server operators > simply won't install any new software if their systems can work > acceptably well without it. However, acquiring written consent is > such a pain to many businesses that, perhaps, they will install that > software if it helps complying with privacy issues. What do you think? > > TIA for any comment > >
- Previous message (by thread): [cooperation-wg] SMTP forwarding in the face of Data Protection Directive
- Next message (by thread): [cooperation-wg] SMTP forwarding in the face of Data Protection Directive
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]