On 26 Dec 2017, at 15:04 (-0500), Anne P. Mitchell Esq. wrote:
Bill, thank you for this excellent explanation, and for the kind
words!
I'm glad you didn't find anything glaringly incorrect or derogatory
about my external-view explanation. And of course I stand by every kind
word.
[...]
However, the different responses from IADB are VERY nuanced and the
two strongest rules you listed (RCVD_IN_IADB_OPTIN and
RCVD_IN_IADB_VOUCHED) are essentially "good intentions" markers.
Due to unfortunate terminology choices by ISIPP and a willingness to
engage in nuance and estimate intentions, those aren't really as
worthwhile as they might seem.
Hey Bill - can you please elaborate on the terminology choices which
you see as unfortunate?
You know I'm a bomb-throwing radical... :)
I don't like calling unconfirmed opt-in simply "opt-in" because without
a confirmation exchange, it can be de facto opt-out. It is hard for
people who haven't been the target of massive subscription bombings to
appreciate how pernicious the lack of confirmation can be.
We are *always* open to input. Where we say "opt-in" we mean exactly
that - single opt-in; if someone didn't ask for the email not only
would we call that "opt-out", but we would not certify that sender's
email.
[Skipping a pointless tirade on the obfuscatory "single" vs. "double"
jargon: that battle is long lost.]
The problem: unconfirmed opt-in mail is usually mostly opt-in but is
definitely occasionally de facto opt-out. "100% opt-in" asserts a
certainty that isn't possible without a confirmation step. You know
this, or you wouldn't differentiate between unconfirmed and confirmed
opt-in.
And if one of our senders is sending spam where they claim that all of
their mailings are 100% opt-in (at least) we want to know,
because...whack!
Side-stepping the eternal "define spam" trap, I have no doubt that you
are willing to whack spammers. That's why I have never reported the
chronic MailChimp & SendGrid (both shown as SuretyMail customers on the
website) spamming of addresses that absolutely, positively, NEVER opted
in to anything. Their business models force them to trust customers to
some degree about address provenance and gullible customers may not
grasp that they cannot buy "opt-in" lists. I'm pretty sure that some of
the folks who spammed my unpublished, never-opted-in former work address
(plus a small fixed set of my colleagues) via those ESP's had no idea
that they were in possession of a list generated by spyware or pure
guesswork. I'd guess that the original creator of that list claimed it
was a 100% safe-to-mail opt-in list of qualified IT management sales
leads and sold it on that false premise.
Should SendGrid or MailChimp have had their ISIPP SuretyMail accounts
whacked because each had multiple gullible customers who trusted a list
vendor? I think the answer is "no" because in all of those cases, the
evidence implies that the ESPs were acting quickly and effectively on
spam reports. Would you kick the ESPs out if I'd reported them? Probably
not after 1 incident but maybe after a few dozen in a quarter. The IADB
responses for the MailChimp IP that started this thread seem accurate to
the extent possible given the epistemology of consent and provenance. I
think that sort of policy & practice transparency is a good thing. It is
a good thing that a nuanced and trustworthy description of their policy
& practice is available, even if it requires an understanding of the
limits of what an ESP can actually know about a list they did not
generate.
Seriously, we are always open to feedback, and if a change in
terminology is warranted we have no problem doing that (we also are
happy to create a custom zone based on whatever the receiver wants for
those who would like zones with highly specific profiles of the IPs
therein - some receivers do that because they can't take advantage of
the granularity of the data in our zones (although that is not the
case for SA...in fact our data response codes were *specifically*
created for SA because SA *can* take advantage of that level of
granularity)).
As much as I dislike the single/double wording and the use of '100%
opt-in' for mechanisms that are highly fallible, I am not sure that
switching to better wording would be a good idea at this point. The
sunset for establishing more precisely correct jargon for email consent
was probably in 2003 or so.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole