This file is one of the evidence, example or data files that accompanies the "Nadine" Story, an account of commercial mailing lists gone amok.  See the main page for the details.

To: "Garcia, Josephine" <Josephine.Garcia@247Media.com>
Subject: Re: TS0958 RBL Candidacy and General E-mail Domain Ban:  enlist.com
From: Home Office Networks Postmaster <postmaster@HONet.com>
Date: Thu, 27 Jul 2000 07:19:20 -0700

Hello,

The issue at hand is perfectly exemplified by your communication quoted below.

         >>>>>     THERE IS NO NADINE@HONET.COM.     <<<<<

There may actually be such a person as

  >Nadine Smith     [Street Address]    [City, State, ZIP]    
  >DOB: [Date of birth]

whose personal information you have now revealed to a total stranger, but she
does not have an account here, and never has.  I've never heard of her, and I
am the only person who could possibly add her to honet.con's mail server.

THE SIGNUP WAS BOGUS.  All email to nadine@honet.com ends up in my
"postmaster@honet.com" mailbox, and I have to handle it, along with hundreds
of other similar pieces of email per week to non-existing local addresses.

Rather than try to unsubscribe all of these addresses from hundreds of lists,
I simply block ALL further traffic from the sending domains for an indefinite
period.  This means that even legitimately signed-up users here will not get
mailings from the offending domains.  I am by no means the only mail server
administrator that does this.

Delivere.com takes absolutely no steps to assure that any addresses they have
been given were given to them by the actual owners of those addresses.  

This opens everybody involved to serious risks:  
  delivere has no protection against fraudulent and/or malicious signups.  
  If the email address is given to delivere in return for some delivery of 
    value, delivere is easily defrauded.
  The actual owner of an address may find that she has to go around 
    unsubscribing herself from lists she never subscribed to.
  The proprietor of a mail server finds that more and more of his bandwidth 
    and server capacity is taken up by mail sent to bogus subscriptions.

For example, I could sign your address up at one of their sites and you would
then have to remove yourself from all of the subsidiary lists that the address
gets added to.  If I wanted to harrass you, I could do this daily or weekly.  

Worse still, if I wanted to harm delivere, I could sign up the addresses of
several dozen well-known fanatical anti-spam activists, and all of delivere's
mail servers would soon find themselves being blocked at many domains
world-wide.

The emerging industry standard is:  confirmed voluntary subscription, also
called "closed loop opt in".  If delivere did this, none of these things can
happen, because the owner of a newly-submitted address gets a message saying
"Somebody signed up your address to receive mail from us.  Please confirm this
by replying to this message.  If it was not you, do not reply, and your
address will be dropped from our list."

If no further e-mail from any of the sources that have been sending to
"nadine@honet.com" show up in my server's logs after 30 days, I will remove the
blocks that presently deny all traffic from all those sources.

If you would like further information on verified subscription systems, I will
be happy to provide it.  honet.com maintains several subscription lists that
use these techniques.


Michael Rathbun

[snip copy of original Josephine Garcia email]