Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

mrex@sap.com (Martin Rex) Fri, 25 April 2014 02:02 UTC

Return-Path: <mrex@sap.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84CF21A03F7 for <ietf@ietfa.amsl.com>; Thu, 24 Apr 2014 19:02:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Level:
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNQL30wfddRz for <ietf@ietfa.amsl.com>; Thu, 24 Apr 2014 19:02:16 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id EE7C41A03CB for <ietf@ietf.org>; Thu, 24 Apr 2014 19:02:15 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id s3P228oN017209 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 25 Apr 2014 04:02:08 +0200 (MEST)
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
In-Reply-To: <20140425011716.70436.qmail@joyce.lan>
To: John Levine <johnl@taugh.com>
Date: Fri, 25 Apr 2014 04:02:08 +0200 (CEST)
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140425020208.24FB61ACE0@ld9781.wdf.sap.corp>
From: mrex@sap.com (Martin Rex)
X-SAP: out
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/sfx93TmoZn15-RvI50n765sCcLU
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Apr 2014 02:02:18 -0000

John Levine wrote:
[ Charset UTF-8 unsupported, converting... ]
> >> Can you provide a legal citation?  That would be really cool!
> >
> >1. Blocking EMail based on DMARC policy is illegal per ?206 Abs. 2 Nr. 2 StGB.
> >
> >2. Actually, even looking at rfc5322.From (rather than MAIL FROM:) for
> >   the purpose of looking up DMARC policy records 
> >   is illegal per ?206 Abs. 2 Nr. 1 StGB.
> >
> >3. Any DMARC-triggered reporting about forwarded emails is also illegal
> >   per ?206 Abs. 1 StGB and ?88 TKG.
> 
> If that's true, how can spam filtering be legal?  The phrase "without
> authorization" is pretty elastic, and all the ISPs I know consider themselves
> authorized to mange user mail any way they want.

"without authorization" is a quite well-defined concept in telecommunication
legalese in Europe.  Only the sender, and the recipients specified by the
sender are authorized.  The telecommunications service provider is NOT
authorized, and neither is an employer.

SPAM filtering MUST be implemented as voluntary opt-in, otherwise it will be
illegal, as you correctly notice.  Spam-filtering can only be legal when
it is performed strictly on behalf of the recipient, the receipient is
in full control over the behaviour all the time, and the blocking or
deletion of any messages is performed with explicit and voluntary
(i.e. condition-free) consent of the receipient himself.

A preselection to tag Mails as potential spam or to store potential
spam in a second inbox might be permissible, a preselection to block
or delete potential spam would certainly be illegal.


-Martin