Re: Legal aspects of greylisting in Europe

[Christian Hammers <ch@lathspell.de>]

Hello David

On 2004-12-04 David Schmitt wrote:
> Has anyone considered how greylisting should be viewed in the light of
> european data-protection laws? Especially in Austria it would probably
> conflict with the requirement to keep connectiondata no longer than
> required for billing.

"I am not a lawer", but according to German law, which should be very 
simillar, I see no problem. "Teledienstedatenschutzgesetz" says rougly
translated in §6 (Usage Date):
1) the provider may collect/use/compute personal data without explicit
   agreement only in so far as it is neccessary to make the tele services
   available and billable...
6) the provider may store usage data ... at most until the end of the
   sixth month after sending the bill...

So I would assume storing the greylist-triple it's neccessary (->1) 
for greylistd which is part of "the mail server". You need to collect the
greylist tripels only until the mail has been received for the second and 
final time. 
Until then it's the same problem as with all those "relay denied" or 
"xyz@customer-domain.com user unknown" log messages that are all over 
the log file, which gets rotated away much sooner anyway.

More problematic could be the fact that you delay the mail, maybe you have
postal requirements that demands from you to deliver the mail as fast as you
get it... at least you should tell your customers that their mails can be
delayed for the price of (currently) much less spam.

bye,

-christian-