Just a clarifying question... you talk about consent acquired regarding the fact that the email address will be processed (i.e. personal data will be processed)?
Patrik
On 18 May 2011, at 20.56, Alessandro Vesely wrote:
Hi all,
can a tool for lawfully acquiring a user's consent via the Internet motivate SMTP operators to modify their procedures in such a way that spam can be countered more effectively? Let me please expand slightly on this question; I'll try and be concise.
It is well known that the Simple Mail Transfer Protocol provides for replacing the envelope recipient with one or more other email addresses. This server forwarding is not to be confused with manually forwarding a message from a client. Mailing lists and newsletters are operated that way, as well as redirection configured by means of "dot forward" static files. Since email addresses are personal data, their processing is covered by Directive 95/46/EC.
How is the data subject's consent acquired? In response to the Data Protection Directive, operators should have defined a protocol for obtaining and keeping proof of the consent. It never happened. In fact, it is very difficult to introduce new protocols for email; new protocols for web operations come about much more frequently.
Evidence that consent has been granted can be provided by the data subject's mail exchanger (MX, a.k.a. the user's incoming mail server). It can digitally sign a notification from the data processor. That way, the user's server becomes aware of a new wanted stream of messages, and can whitelist it. That is, it can skip anti-spam checking for those messages. As bulk messages account for a significant part of legitimate mail, anti-spam measures could then be significantly strengthened.
The users' advantage is to have an automatically maintained list of subscriptions, and a uniform interface to manage them. Currently, users have to interact with what can be called a "time-distributed database", in the sense that monthly or yearly they may receive subscription reminders...
The obvious shortcoming of this idea is that mail server operators simply won't install any new software if their systems can work acceptably well without it. However, acquiring written consent is such a pain to many businesses that, perhaps, they will install that software if it helps them comply with privacy issues. What do you think?
TIA for any comment