E-Mail Coalition Floats New Anti-Spam Plan

How to block spam while letting the legitimate messages through? At the ISPCON conference in Baltimore, a coalition of e-mail marketers presented some new approaches.

BALTIMORE — Hans Peter Brondmo, a noted technology author and Digital Impact fellow, has announced a multi-year plan by the Network Advertising Initiative’s Email Service Provider Coalition (NAI ESPC) to change the architecture of email in order to effectively block spam while protecting legitimate email advertisers.

“When we decided to address this problem, we had two options,” Brondmo told a packed luncheon meeting Wednesday at the ISPCON conference here.

“We could have built a whitelist on steroids for our members, or we could have built a solution for more than our 28 members,” said Brondmo, who is also a member of the coalition. “I am proud to announce that all 28 members opted for the latter solution.”

Code named “Project Lumos,” the anti-spam plan calls for a registry-based approach to eliminate spam by holding senders accountable for the mail they send.

The NAI ESPC, a coalition of 28 companies that advertise over the Internet (Digital Impact is a founding member), is concerned that spam filters block as much as 15 percent of their members’ messages in error through false positives.

Brondmo noted that systems vary in quality and that false positives abound — one blacklist blocks the entire nation of the People’s Republic of China, he claimed.

NAI ESPC members are frustrated that current anti-spam policies punish most severely those mass mailers who adhere most strictly to best practices — those who post legitimate unsubscribe addresses and do not hide their identity. In contrast, spammers that fake their identity or exploit network vulnerabilities to send mail from locations they do not own are not punished by current anti-spam solutions.

With that in mind, Brondmo said the new approach consists of combining email marketers’ best practice with technological and legislative solutions to ensure that all parties — ISPs, marketers, and email recipients — are protected.

The coalition said “Project Lumos” would deploy a certification process that requires email senders to verify their identity, adhere to best practices and then objectively monitor their performance.

Brondmo said project would unfold in three phases. The first consists of a dialog between the NAI ESP, ISPs, and other concerned parties, of which Brondmo’s speech touched upon the most. The second phase would involve building and establishing a filtering system, which could take 36 months. The final phase, which will be ongoing, would be the continuous updating and improving of the registry system.

“The project has no owner,” said Brondmo. “It’s a blueprint, a discussion.” Brondmo said that progress in any one dimension of the project must be reinforced by progress on the other two fronts.

The more detailed blueprint consists of the following four policies:

Certification — The project would create specific rules concerning the structure and function of an unsubscribe link on an email. It would also certify senders according to the type of mail they send, its volume, and their organization’s complexity.

An individual who sends few emails could remain anonymous, whereas a large international organization would have to adhere to a more rigorous system that would involve ensuring that all employees in every nation understand and follow best practices.

Standards — The organization would ensure that every emailer’s identity would be defined and would remain the same, and would standardize abuse reporting and email categories to protect ISPs, marketers, and mailbox owners. If any emailer’s identity was public, that emailer could be blocked by the ISP or by the individual.

Policies — Other specific abuses, such as dictionary attacks or even sending emails using an out of date list with a significant bounce rate, would be handled in a standardized manner.

Performance — A rating system would track the number of complaints against organizations and their effectiveness in responding to complaints.

The system would require a registry, similar to that for IP addresses, domain names, or SSL certification. The registry would maintain a list of the identities of senders protected by a Public Key Infrastructure (PKI), and keep track of their behavior, posting ratings such as those used by the U.S. financial system.

With the floor opened for questions, the debate began:

“Why not make DNS [domain name servers] more secure, and simply use reverse DNS lookup?” attendees asked. The NAI ESPC said it believes that DNS cannot be made secure.

“Why is the IETF [The Internet Engineering Task Force] not involved?” IETF processes would take too long for an undertaking as ambitious as this, the coalition said.

Asked another: “Won’t a PKI [public key infrastructure] require a repository of public keys, creating a single point of attack? Who would build and maintain the repository?” The PKI solution would never be 100 percent secure, came the reply.

When questioned about free speech lawsuits, the coalition said it did not believe it would be prohibiting people from saying things, only prohibiting them from broadcasting them to hundreds of millions of people. “They could still use the viral method, sending to 100 senders, each of whom could send to 100 more, and thus reach a large number of people if their message was compelling.”

Although the debate over the proposal has begun, Brondmo said he expects it to last for several months at the very least.

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior
Whitepaper | Mobile

US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups
Whitepaper | Analyzing Customer Data

Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people
Whitepaper | Digital Marketing

Learning to win the talent war: how digital marketing can develop its peopl...

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy
Report | Digital Transformation

Engagement To Empowerment - Winning in Today's Experience Economy

1m

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource