Brad Templeton Home
Problems with opt-out lists for E-mail
A global opt-out list for telemarketing on the phone is a great idea, and people have been pushing for it for a while, and telemarketers have been fighting it. The idea of per-company "do not call lists" was the telemarketer's dream, because in fact there is almost no way to enforce them, and you still get tons of calls.
Some people want spam to be "opt-in", so that nobody can send unsolicited mail without advance permission, but that's not an acceptable choice in a free society, which is dedicated to the the idea that you don't need permission to initiate communications with somebody else.
The next most effective technique is a global "opt out" list which bulk mailers would need to use to filter their lists. In theory, it's as good as the opt-in policy for those who join it. However, there are problems in pratice.
The first is a privacy issue. People are loathe to put themselves on a publicly available list in order to stop spam, something they are trying to do to protect your privacy. It doesn't do to require all those who want privacy to go stand in the square and shout their desire.
A natural suggestion is to make the published list be one-way hashes of the email addresses that opt out, or make the list only available to bonded "list cleaning" services. Unfortunately, that's just as bad. Do you get spam? If so, you're on the big list. All a spammer has to do is take the biggest list (such lists are routinely sold on CD) and ask for it to be "cleaned" by removal of all addresses that opt out.
The difference, alas, is pretty close to a copy of the in-the-clear opt-out list. Add all the dictionary methods spammers use and you can get a very close copy. Only if you have an address so secret that it's not on spammer's lists could you get on the opt-out list and not show up by this technique. In which case you don't need to be on the opt-out list in the first place.
You could stop the dictionary attack by seeding the list with invalid addresses that are the common dictionary choices. As such all dictionary tests would result in a name that appears to be on the list.
We are also confounded by the fact that most people have many e-mail addresses. In fact, most people have an infinite number. That's because most mail tools will let you arrange that all addresses matching a certain pattern go to the same address. Sites running sendmail, the most popular mailer, will make the address "brad+anything" go to "brad" -- this is in fact a handy trick. In addition, email@example.com is the same address as firstname.lastname@example.org if site.org is willing to mail. So you can always find a variant of an address to mail to that is not on the list.
One popular suggestion is to have mail servers respond with a header that reminds people that particular users have opted out, and so bulk mailings from strangers should not be sent. This can work effectively, but fails when mail takes more than one hop, as it usually does.
I think the only remaining technique is to define a particular pattern for opt-out. For example, it could be ruled that if the mail address has "ns" as the domain component, the address should be deemed to have opted out. The bad news is that all users would have to get new E-mail addresses, though in most cases one that would be easy to guess from the old form.
Thus instead of email@example.com, I would change my address to firstname.lastname@example.org. (The folks at ns.<tld> would have to decide if they want a special exemption for 2LD domains. They probably don't.)
Frankly, this is not a very exciting solution, but it protects privacy. Mailers would probably be written to automatically insert the magic domain name, or re-forward on bounces if it exists, for use by ordinary people.
Spammers of course could still try to mail to these domains, but it would be clear they had broken the opt-out rule, and enforcement would be much more straightforward.