--On 11 March 2009 16:56:53 +0100 Sascha Wilms <Sascha.Wilms@eco.de> wrote:
I know that for some it's a hard fact not to be allowed to block CSA whitelisted entries any more. But because senders know exactly this, they know what they have from being CSA whitelisted and what they stand to lose if they get kicked off the list when not complying with the rules. It is this huge leverage we gain.
So, what's the sanction against me if I apply my spam filters to one of your members? Just that you don't send me list updates? I could live with that. I'd not be able to enter any contractual obligation, though.
Currently, we have only significant German ISPs, but at least one major European incumbent is about to join. We hope to extend the reach of our list to other providers, so that we can increase the leverage. I have talked to some British providers, but so far no commitment (though the British marketers are very keen on having something like the CSA in the UK).
I'm slightly confused here. Your members are ISPs or Marketers? Perhaps you're referring to users of the whitelists here? If they're ISPs, does that mean that the rules are applied to all email sent through the ISP's servers? If they're ISPs, then are you requiring that they block outbound port 25 non-whitelisted addresses? And rate limiting domestic clients? That would be something I'd be very keen to encourage.
As I said, it is really an industry standard we are promoting here, and the more ISPs join, the better we are able to establish the standard on an international level. If you guys have more feedback, you are welcome!
rgds Sascha
-----Ursprüngliche Nachricht----- Von: iane@sussex.ac.uk [mailto:iane@sussex.ac.uk] Gesendet: Mittwoch, 11. März 2009 16:21 An: Sascha Wilms; anti-abuse-wg@ripe.net Betreff: Re: AW: [anti-abuse-wg] how to detect spambots - SPAMTrusted
--On 11 March 2009 15:44:04 +0100 Sascha Wilms <Sascha.Wilms@eco.de> wrote:
Hi Ian, hi guys,
we actually enforce rules regarding bulk emails through the Certified Senders Alliance. Enforcement can naturally be applied only to those senders participating in the CSA - however, in Germany our service has become the de facto industry standard for email marketers, and the amount of emails sent by certified senders is huge. Thus, we have gained a very good leverage over this industry.
Well, that's all good. I see that in order to discover who's using your service, I have to agree not to blacklist any of your users. That's not so good. I'm not sure that I'd be interested in whitelisting anyone who's signed up to improve their marketing outreach.
However, the fact that you require your users to publish SPF records is good.
Are most of your members in Germany? This probably would be something I'd be interested in if you had a significant number of UK members.
I do think that you need to get your English language documentation looked at by a native English speaking lawyer.
we at eco maintain a general complaints hotline, and I can't remember having seen any complaint by users or ISPs about a missing opt-out link only. Complaints are about UCEs, and not missing opt-out possibilities. So I guess we are pretty much the only body dealing with the enforcement of those rules like opt-out links, and we have effective sanctions for not sticking to the rules (and opt-out is definitely one of those rules!).
Actually, our set of rules goes beyond the stipulations made by the EU directive. And we keep on tightening the rules: SPF has now become mandatory for senders (ISPs are left with the choice whether to use this info); DKIM and double-opt-in, for example, are now recommended criteria and will be turned into mandatory criteria with the next revision of the admission criteria.
We consider this industry standard approach more efficient than any legislative approach.
Rgds Sascha eco association
-----Ursprüngliche Nachricht----- Von: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg-admin@ripe.net] Im Auftrag von Ian Eiloart Gesendet: Mittwoch, 11. März 2009 12:43 An: peter h; anti-abuse-wg@ripe.net Betreff: Re: [anti-abuse-wg] how to detect spambots - SPAMTrusted
--On 10 March 2009 20:17:50 +0100 peter h <peter@hk.ipsec.se> wrote:
UCE or spam is illegal in some countries, however legal authorities does not seem willing to hunt and procecute.
Under article 13 of EU DIRECTIVE 2002/58/EC, I think that the sending of UCE is illegal in every member state of the EU, which exemption where the recipient is an existing customer of the organisation sending the email. Even then, the sender has to give an opt out option with every email, and may only market "similar products or services".
I don't know anywhere that this is properly enforced, though.
-- Ian Eiloart IT Services, University of Sussex x3148
-- Ian Eiloart IT Services, University of Sussex x3148
-- Ian Eiloart IT Services, University of Sussex x3148