|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: VeriSign SMTP reject server updated
>At anytime, Verisign could remove your .COM domain from their DNS for >a short period of time which would result in all of your inbound >email going to the Verisign collector servers. If this was only done >for a brief interval, say 10 minutes, you might never notice that it >had happened. But Versign's industrial espionage department would have >your email in their hands and could do whatever they wish with it. >How profitable might that be? Actually... If they were to accidentally remove someone's .COM domain and do that, that would be a criminal violation of ECPA, says my not-an-attorney analysis. Even if they did it by accident. Even if they didn't keep a copy. Even if their mail server didn't accept it and returned a 550 on the RCPT, if the sending mail agent did something braindead like just pump out a whole message plus embedded SMTP headers like... oh, I dunno... a bunch of Spamware does. It seems... wrong... to consider that we could file criminal charges against Verisign for illegally intercepting spam between the spammer and our systems, but it appears to be a legally consistent postulate. As Verisign is doing SiteFinder for commercial gain, it might even qualify for the higher penalties (1 yr first offense 2 yr each subsequent offense). I wonder if 'offense' would map to 'domain' or 'individual email message' or what. Conceivably could be very very bad news. -george william herbert [email protected]
|