Yes, I hear you but it overlooks one important characteristic of
If you're going to "join the club" you're going to have to tell us who
you are and how to contact you. It's not the Holy Grail of a hurdle but
I think it will make a big difference.
BBB and TRUSTe are sort of the right model, but the problem with both as
you point out is enforcement. If the CNS has automated tools for
testing whether you meet the requirements (e.g., you're not an open
relay) then enforcement is less of an issue. Another criteria might
knowing what software you use. This doesn't guarantee you'll use it
correctly but perhaps a value proposition to members is a resource of
how best to use the most popular software.
And, I still don't think we have to define spam. The question is, "Are
you a responsible list manager?" Buying and selling lists of
subscribers does not qualify. Confirmed opt-in does. This is not a
content judgement. This is about the process by which you build and
manage your mailing lists. In addition to anonymity it is these
qualities that separate spammers from the rest of us.
In a litigious society such as the US, liability is a tough nut to
crack, but I'm still not convinced it's worse than it is now. What the
CNS offers is accountability. A violation of the rules makes you
persona-non-grata and you're excluded from the club (with no refund).
It's not a perfect system but I don't think it has to be. The CNS
doesn't guarantee no spam, it just guarantees a response to it. Nothing
we do today is perfect so I don't see how the CNS could be held to a
higher standard. You just don't set it up that way.
Hey, I'm thinking out loud here. John Levine suggested that an effort
run on a shoestring would never make it. Probably so. It's clear that
success would require buy-in from one or more significant "end-users",
of which AOL would have to be one. List managers would come if the
end-users required it.
Regardless, I'm not throwing out a shoestring. It was an idea, perhaps
one we're not ready for yet. It's just that in the absence of a
homogeneous infrastructure for email (Chuq's reference to PKI and all
that) there really aren't any obvious technical solutions. Everything
we do is "glue and staples", including what AOL is doing (which, by the
way, I do not fundamentally have a problem with although I'm not fond of
some of the edge choices they've made).
As a mailing list service provider myself I'm not fond of having to pay
for the privilege. I like the reference from someone else (sorry for
forgetting the attribution) regarding "blackemail." I can see where
what I'm proposing is exactly that. :-) However, in the absence of
technical solutions an administrative one is all we have, and somebody
has to pay for it.
On Mon, 30 Apr 2001, Chuq Von Rospach wrote:
Date: Mon, 30 Apr 2001 10:17:20 -0700
From: Chuq Von Rospach <email@example.com>
To: James M Galvin <firstname.lastname@example.org>
Subject: Re: we aren't the enemy, but it's hard to prove it
On 4/30/01 9:01 AM, "James M Galvin" <email@example.com> wrote:
> As answered in a prior note to Tom Neff, my proposed model is that list
> owner sites would "subscribe" for a fee. There is a fee schedule issue
> for the one list site, but I don't think that's insurmountable.
So you're looking at the sorta-BBB or TRUSTe model. A group that sets
standards for operation that members agree to.
> It is a
> replacement for the 1-1 contracting AOL is kicking-off.
Only if sites like AOL agree to buy into it. And only if the group manages
its members well. There are lots of people who see TRUSTe as a lapdog,not a
watchdog, for instance. So you have to have monitoring and enforcement in
the group (how? And it's not cheap to fund). And convince people and sites
to trust it. Which gets back to the idea of "define spam".
> centralization of this for the good of the Internet in general is surely
> a cost-savings for them.
Only if you agree with the policies, the policies are properly enforced and
you trust the organization doing it.
> I don't see the "obvious" liability issue. A list owner subscribes to
> be listed as legitimate. If they are then they are listed.
This group is going to have to validate its members. If it can't, it's open
to legal liabilities. And how do you handle the case of someone who starts a
shell corporation, signs up for the group and gets listed, and then starts
spamming? Don't think that'll happen? And the group is liable -- it's vetted
the guy, after all.