[svfig-open] White lists
forther at attbi.com
Thu May 15 14:16:51 PDT 2003
Here is a column from a collimated columnist of interest.
Delivered-To: edfoster at gripe2ed.com
Received: from mta4.rcsntx.swbell.net (mta4.rcsntx.swbell.net [184.108.40.206])
by gripe2ed.com (Postfix) with ESMTP id CE4448F75D
for <edfoster at gripe2ed.com>; Thu, 15 May 2003 09:55:26 -0700 (PDT)
Received: from gripe2ed.com (adsl-67-124-237-167.dsl.snfc21.pacbell.net
by mta4.rcsntx.swbell.net (8.12.9/8.12.3) with ESMTP id h4FGtOWf004280
for <edfoster at gripe2ed.com>; Thu, 15 May 2003 11:55:24 -0500 (CDT)
Message-ID: <3EC3C7AE.6040605 at gripe2ed.com>
Date: Thu, 15 May 2003 10:00:30 -0700
From: Ed Foster <foster at gripe2ed.com>
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: en-us, en
To: edfoster at gripe2ed.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Subject: [Ed Foster's GripeLog] The GripeLog Column: "Just Say No"
X-BeenThere: edfoster at www.gripe2ed.com
List-Id: The GripeLog Column <edfoster.www.gripe2ed.com>
<mailto:edfoster-request at www.gripe2ed.com?subject=unsubscribe>
List-Help: <mailto:edfoster-request at www.gripe2ed.com?subject=help>
<mailto:edfoster-request at www.gripe2ed.com?subject=subscribe>
Sender: edfoster-bounces at www.gripe2ed.com
Errors-To: edfoster-bounces at www.gripe2ed.com
ED FOSTER'S GRIPELOG
The Reader Advocate Column
Thursday, May 15, 2003
By Ed Foster
Just Say No to "White List" Services
Perhaps the worst thing about the spam plague is the desperate protection
measures it's driving people to adopt. And perhaps the worst of those
protection measures is the growing number of "white list" or
"challenge/response" anti-spam services that block messages from unlisted
This first came to my attention earlier this year when readers started
complaining about a white list outfit called Spam Arrest. "I recently sent
an e-mail to a person I'd just met, and received an email from Spam Arrest
saying that because I was someone new, my e-mail was on hold until I
clicked a link to prove I was a human and not some kind of spammer," wrote
one reader. "Fair enough. About 30 seconds later my e-mail was delivered
...So it's now about a month later and 'Spam Arrest' is spamming me. They
don't fake headers and the subject includes 'ADV', but that doesn't change
that is, without any doubt, unsolicited commercial e-mail."
So Spam Arrest had decided it was within its rights to send out an e-mail
promoting its service to the email addresses of all of its customers'
(http://spamarrest.com/privacy.jsp), there was no question it did, since it
states explicitly that it applies to both customers who paid for the Spam
Arrest service and "senders" who e-mailed those customers. The senders did
not quite see it that way, though, and the resulting hue and cry quickly
forced Spam Arrest to issue an apology. It was inappropriate thing for the
company to do, Spam Arrest acknowledged somewhat reluctantly, and it
wouldn't happen again.
But if Spam Arrest had at least learned not to be so blatant, some readers
study, one reader noted several disturbing things. "First off, they
basically lay claim to all e-mail addresses on their customers' white
lists, even those that the customers put on without knowledge of the
'sender,' " the reader wrote. "How can they do that when the sender may not
even be aware that he or she is on the list? But their policy says they can
use that address for marketing/promotional purposes, including advertisements."
states: "Sender's information may also be sold or otherwise provided to
Spam monitoring or compliance agencies or organizations..." What was that
about, the reader wondered. Could a bulk e-mail outfit be considered a
spam-monitoring organization? Was there an implicit threat that those who
didn't sign on with Spam Arrest might be reported as spammers?
A Spam Arrest spokesperson told me that, while the company will indeed
refrain from sending out any more spam, they still retain the right to
market to the senders. "The bottom line is that we are an anti-spam company
but we are not an anti-marketing company," she said.
As for the bit about selling senders' information, I was referred to the
has never sold information and has no intent to do so," he said.
The clause was written to allow Spam Arrest discretion to work with a
government organization or industry association that might evolve in the
future to have a legitimate spam-policing role.
OK, it's a lawyer's job to anticipate every eventuality and give the client
as much latitude as possible in its legal boilerplatese. So maybe that
ominous language was not motivated by malevolent schemes.
And maybe Spam Arrest will indeed refrain from any further spamming of its
customers' e-mail correspondents.
But why should we have to worry about these things at all? Remember, we're
not talking about Spam Arrest's customers -- we're talking about people who
just wanted to send a legitimate e-mail to one of those customers. Or,
worse yet, a person who was unknowingly on the white list by that customer
and never even had the chance to decline.
Think about it. If you sign up with one of these services -- and there's a
whole bunch of them out there now -- you aren't just trusting the company
for yourself. You are putting your e-mail correspondents in the position of
having to choose whether to trust the service as well or not sending you a
message you might want to receive. Is that something you want to do to
your friends and business associates?
There are many aggressive anti-spam approaches (including, if you must,
implementing white lists on your own server without a third party) that can
be just as effective as what these companies can give you. I don't know if
Internet e-mail can ultimately be saved from the spam curse, but I do know
these white list and challenge/response services are not the way to do it.
Just say no.
In the GripeLog weblog this week at http://www.gripe2ed.com:
Readers react to Cisco's policy of requiring customers to re-license
software when they purchase a used router.
Which printer companies do the worst job of updating their drivers for new
versions of the operating system?
If you have any comments, questions, problems or gripes about this
newsletter, please write me directly at foster at gripe2ed.com. Thanks for
To subscribe or unsubscribe to this newsletter, please visit:
Edfoster mailing list
Edfoster at www.gripe2ed.com
More information about the svfig-open