If you want to create a digital opt-in that is transferable between ESPs et al., you need:

the digital opt-in to tell you:
- who the recipient is
- what the allowed sender-domain or sender-email address is that you want to permit sending emails to you (rfc5322-to)
- when the opt-in was created
- how long the opt-in is valid (so that an opt-in can vanish if you don't use it! Very important.)
- where/how to verify the digital signature

the sender must:
- use DMARC (to also avoid criminals being able to steal the opt-in).

the ESP must be able to
- verify it online (possibly before or during sending an email)
- provide the opt-in with the mail being sent
- refresh it automatically (e.g. be able to request a refresh after sending an email)
- if a customer leaves; provide the customer with fresh digital opt-ins.

for mail hosting orgs; it must be able to
- integrate it in current MTA setups
- have a user-interface to guide this process for the end-user
- be able to work with a mixed-system (mails with and without digital opt-in)

the recipient-domain should/must:
- have some sort of policy to advise that senders may (or must) use digital opt-in. Useful for changing to such a system.
- tell where/how to verify the digital signature

Kind regards,

David Hofstee
Deliverability Management
MailPlus B.V. Netherlands (ESP)

----- Original message -----
From: "Michael Wise via mailop" <mailop@mailop.org>
To: "Ted Cooper" <ml-mailop...@elcsplace.com>, mailop@mailop.org
Sent: Saturday, 11 June 2016 03:11:12
Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

Keep that one sign-up message.
It's a very small per-user piece of data, and it would certainly be proof enough and to spare for me.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ?
-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Ted Cooper
Sent: Friday, June 10, 2016 5:17 PM
To: mailop@mailop.org
Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

On 11/06/16 09:29, Michael Wise via mailop wrote:
>
> ... when the server receives it, it gets authenticated.
> Or did you forget this?

That doesn't help when attempting to provide "proof" of signup at some future date - it will simply be a message with a DKIM sig that can no longer be confirmed.

I don't store old key information and I don't think anyone else does. I'm not going to trust a 3rd party to say "it was signed when I got it! I swear!" - it may as well be made up.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
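
The opt-in fields and checks listed in the first message of this thread, sketched as an added example (not code from any poster or from an existing standard): a token that carries recipient, allowed sender domain, creation time, validity and a verification location, plus the online verify and refresh steps. Assumptions: an HMAC held by the issuing verifier stands in for the digital signature so the block needs only the standard library, the caller has already confirmed DMARC alignment of the From domain, and every name, the key and the URL are constructed.

```python
import base64, hashlib, hmac, json

# Constructed demo key (assumption); a real issuer keeps its key server-side.
ISSUER_KEY = b"constructed-demo-key-not-a-real-secret"

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_opt_in(recipient, sender_domain, now, valid_for, verify_at):
    """Issue a token with the listed fields: who, allowed sender, when, how long, where to verify."""
    claims = {"rcpt": recipient.lower(), "sender": sender_domain.lower(),
              "created": int(now), "expires": int(now + valid_for),
              "verify_at": verify_at}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

def verify_opt_in(token, rcpt_to, from_domain, now):
    """Online check; from_domain is the From domain of a message that already passed DMARC."""
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = b64d(body_b64), b64d(tag_b64)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad-signature"
    claims = json.loads(body)  # parsed only after the tag checked out
    if now >= claims["expires"]:
        return False, "expired"  # an unused opt-in vanishes
    if rcpt_to.lower() != claims["rcpt"]:
        return False, "wrong-recipient"
    if from_domain.lower() != claims["sender"]:
        return False, "wrong-sender"  # a copied token is useless from another domain
    return True, "ok"

def refresh_opt_in(token, rcpt_to, from_domain, now, valid_for):
    """Reissue a still-valid opt-in with a new validity window; None otherwise."""
    if not verify_opt_in(token, rcpt_to, from_domain, now)[0]:
        return None
    claims = json.loads(b64d(token.split(".")[0]))
    return issue_opt_in(claims["rcpt"], claims["sender"], now, valid_for, claims["verify_at"])
```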