The rationale for involving legal is to place some accountability and consequences where they belong.
Currently, countless people essentially commit countless abuses for free because the actor is hidden behind a machine or a process. But somewhere it's a humans decision to institute an abusive protocol, and it seems pretty fair fo me to make that human accountable for their action. Not just email but all kinds of things.
You are probably merely a dick but still a legal dick if you wantonly block email for yourself. But the second you are responsible for even one other person's correspondence reaching them, I say you should be legally culpable for any failure to deliver.
I question whether you or what other percentage of the commenters in this thread represent any specific ASN with its own IP space that it cares about keeping clean, and have bgp relationships with other ISPs.
Or whether they're actually end users only.
Have you actually encountered this problem as a service provider in the past and implemented solutions to it, or are you just sharing your opinion as a possibly-frustrated end user of email?
I avoided the problem by only ever sending email on behalf of customers, not receiving. IE, saas app can send out quotes and invoices and things but any replies go to the end users own address not any of our servers, and didn't host our own email.
What I didn't do was ignore the problem or think there was no problem. Things still got blocked elsewhere but I (personally or my company) didn't do it.
I recognized that handling someone elses correspondence is a non-trivial responsibility. Yes the job is hard, and so you either decide that is your whole job, or you outsource it to someone whos whole job it is. You don't just do a poor job because it's hard and not your all day every day job.
> I say you should be legally culpable for any failure to deliver.
So you think an MSP's advertised policy should be "We guarantee that anything sent to you will be delivered, including spam"? That no MSP should provide spam-filtering, at risk of legal culpability?
If that's not what you mean, then presumably you are requiring all MSPs to block only spam, and to deliver all legitimate email. But that is impossible, because nobody has figured out a way of reliably distinguishing spam from ham.
If I received such a letter from your legal department, I would laugh, and reply: "I am awaiting your writ." If I got the note from a recipient or their postmaster, I'd be much more inclined to try to help, but I never try to negotiate with lawyers brandishing threats.
The MSP's policy can be whatever they want as long as it IS advertised.
If they say "We drop 10% of messages at random, and you knowingly choose to take that, then that is just a stupid arrangement you should never agree to, but they aren't doing something unexpected.
I decline to believe you are as stupid as that remark.
Good faith best effort is perfectly reasonable. Not knowingly and intentionaly discarding mail is all that's required.
If you're the mailman, you do not have to garantee that you will never lose a single letter in a car accident.
But you can certainly garantee, absolutely, that you never go through the bag and throw away all the spam and sometimes mistake a legit letter from a lawyer for lawyer spam.
You can ceetainly garantee, absolutely, that you never apply utterly thoughtless rules like "we got these scam letters from Nigeria so now we just throw away anything from Nigeria."
You should absolutely be responsible for other peoples stuff that is in your hands while it is in your hands. It's not yours to dispose of, even when part of your explicit job is to filter. If that sounds onerous, that's why you get paid money for the responsibility. If it's too hard to bear this responsibility properly, then you have no business doing that job. Do the job right or don't do the job. There is nothing unreasonable about those two choices. It is not at all required to do the job, but poorly or carelessly.
> The MSP's policy can be whatever they want as long as it IS advertised.
No.
Suppose the MSP uses bayesian filtering? How would one go about advertising a policy that depends on bayesian filtering? You'd have to publish the contents of your filter table. The only people who could benefit from that would be spammers, who could use the data to customise their spam.
In general, telling the world what your filtering policies are is just going to cause spammers to try to sidestep your policies. The only policy that you maybe ought to publish would be along the lines of "We filter out spam; that sometimes results in false positives. Sorry."
Currently, countless people essentially commit countless abuses for free because the actor is hidden behind a machine or a process. But somewhere it's a humans decision to institute an abusive protocol, and it seems pretty fair fo me to make that human accountable for their action. Not just email but all kinds of things.
You are probably merely a dick but still a legal dick if you wantonly block email for yourself. But the second you are responsible for even one other person's correspondence reaching them, I say you should be legally culpable for any failure to deliver.