This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[cooperation-wg] SMTP forwarding in the face of Data Protection Directive

Previous message (by thread): [cooperation-wg] SMTP forwarding in the face of Data Protection Directive
Next message (by thread): [cooperation-wg] Participate Now: RIPE NCC Membership and Stakeholder Survey

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alessandro Vesely vesely at tana.it
Mon May 23 11:15:28 CEST 2011

On 23/May/11 09:09, Florian Weimer wrote:
> * Alessandro Vesely:
> 
>> How is the data subject's consent acquired?  In response to the Data
>> Protection Directive, operators should have defined a protocol for
>> obtaining and keeping proof of the consent.  It never happened.
> 
> It seems to me that the industry has come up with a pretty widely
> adopted protocol: send a probe message to the mailbox, and if that is
> confirmed, include the address in the distribution list.  At this point,
> the potential subscriber can also be told about list policies, including
> archival of messages submitted.

Mailing lists have been doing so for 40 years, they just miss proofs
of consent.  OTOH, commercial newsletters collect consent once, in
writing, e.g. as a checkbox on a manually signed printed form, and
then skip confirming the email address.  The latter behavior is
compliant with Directive 95/46/EC, but the relevant data cannot be
used for whitelisting because it is not machine-readable.  Thus, we
(Europeans) suffer the downside of privacy laws without enjoying the
advantages.

In some cases, users may consent that their personal data be shared
with other newsletters.  Such subscriptions are not going to be
notified to users: they'll receive messages without knowing how
senders got their addresses.

Finally, some brain damaged senders seek users' consent via email :-O

>> The users' advantage is to have an automatically maintained list of
>> subscriptions, and a uniform interface to manage them.  Currently,
>> users have to interact with what can be called a "time-distributed
>> database", in the sense that monthly or yearly they may receive
>> subscription reminders...
> 
> There are standardized mail headers which help to manage mailing list
> subscriptions.  They are rarely used in commercial environments, though.

Yeah, if List-Id and List-Unsubscribe were used consistently, with SPF
or DKIM authentication, it would be possible to gather subscriptions
and unsubscriptions unilaterally at recipients'.  But such bulk mailer
behavior is not currently specified by an official standard, AFAIK.

Previous message (by thread): [cooperation-wg] SMTP forwarding in the face of Data Protection Directive
Next message (by thread): [cooperation-wg] Participate Now: RIPE NCC Membership and Stakeholder Survey

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ cooperation-wg Archives ]