Re: [Asrg] VPNs vs consent

Claudio Telmon <> Mon, 29 June 2009 16:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DC5353A6DE7 for <>; Mon, 29 Jun 2009 09:04:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.496
X-Spam-Status: No, score=-0.496 tagged_above=-999 required=5 tests=[AWL=0.223, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TR503XeAsLUm for <>; Mon, 29 Jun 2009 09:04:26 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 9B8933A6DDB for <>; Mon, 29 Jun 2009 09:04:25 -0700 (PDT)
Received: from ([::ffff:]) by via I-SMTP-5.6.0-560 id ::ffff:; Mon, 29 Jun 2009 18:04:22 +0200
Message-ID: <>
Date: Mon, 29 Jun 2009 18:04:21 +0200
From: Claudio Telmon <>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20090318 Lightning/0.8 Thunderbird/ Mnenhy/
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <>
References: <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] VPNs vs consent
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 29 Jun 2009 16:04:27 -0000

Jose-Marcio Martins da Cruz wrote:
> Claudio Telmon wrote:
>> Rich Kulawiec wrote:
>>> A brief check of my own procmail config indicates that I'm on over
>>> 500 of
>>> these -- the overwhelming majority of which are role addresses such as
>>> those specified in RFC 2142.  A secondary check indicates that about 3/4
>>> of those are shared with one or more other people, which means I'd have
>>> to work out some kind of "shared consent" for several hundred addresses.
>>> That's not feasible in a reasonable period of time, especially since
>>> neither the addresses nor the pool of people they're shared with are
>>> static.
>> Well, I suppose that most of those mailboxes shouldn't be
>> consent-enabled anyway. Addresses like "abuse" or "postmaster" are meant
>> to be contacted by anybody that needs it, right? The same for the
> No !

I'm just saying that RFC 2142 are not meant to be consent-enabled.
Anybody should be able to contact these addresses, but:
- other (antispam) protections may well be enabled;
- other shared addresses may be meant to be "for closed groups" or

>> official contact addresses of companies.
> In fact, at our domain, few of these kind of adresses aren't protected.
> Most of them are adresses of the kind "everybody in the engineering
> department" (addresses which are of internal use only) "butterfly
> research workgroup" (a closed group working on some particular subject)
> and so. These are adresses which *are* protected and the concept of
> consent-enable is materialized by checking if the SMTP client sending
> messages to is in some known network or if the connection was
> authenticated. But nothing prevents that this kind of consent should be
> expanded. Either way, in an organisation like the ours, users couldn't
> understand that the same consent system used for individual addresses
> couldn't be used for collective addresses.

This is a very interesting case. I'll have to think at the implications
of it.


Claudio Telmon