Anti-Spam Alliance Makes Authentication Push

  |  June 22, 2004   |  Comments

An anti-spam alliance including the Big Four ISPs Tuesday issues spam-fighting recommendations focusing on best practices and authentication.

An anti-spam alliance including Yahoo, Microsoft, EarthLink and America Online, Tuesday issued recommendations for curbing spam focused on best practices and authentication.

Following the lead of the Federal Trade Commission, which last week recommended authentication as a key technique for fighting spam, the Anti-Spam Technical Alliance (ASTA) recommended the approach Tuesday. Such procedures help identify the sender of email, a critical element to fighting spam, according to the ASTA and other industry players.

"At Microsoft, about 50 percent of the spam we get has a spoofed domain. Having authentication in place will help stop spam," said Ryan Hamlin, general manager of Microsoft's anti-spam technology and strategy group, discussing the recommendations in an ASTA conference call Tuesday.

Ken Hickman, Yahoo's senior director, mail platforms, added that, "The authentication issue is also critical to protecting users from spoofing and phishing."

Spoofing, and the related practice of phishing, are growing problems, both for consumers who are victims, and for brands misrepresented. Phishing scams are estimated to have caused between $13.5 billion and $16.4 billion in damage worldwide in 2003, according to security firm mi2g. Zombie hosting -- in which spammers commandeer users' computers without their knowledge and use them to send bulk mail -- is another major problem, the ISPs said in the conference call.

The Big Four ISPs are distributing the guidelines via their Web sites. The guidelines give specific suggestions to ISPs, legitimate bulk emailers and consumers for fighting spam. ISPs are advised to block or limit access to a specific port (Port 25), implement rate limits on outbound email traffic and control automated account registration, among other things. Consumers are advised to install firewalls on their PCs and to use anti-virus software and spam filtering technologies.

Recommendations to legitimate bulk emailers suggest that mailers not harvest email addresses through SMTP or other means, that they should register their email domains with a creditable safelist provider and provide clear unsubscribe and opt-out instructions, among other things.

The group said bulk emailers are part of "the email community" and that it does not recommend limits on the amount of legitimate email sent.

"Bulk emailers who are sending mail our members want are a big part of the email community. A big part of our discussion was how to satisfy that group," said Stephen Currie, director of product management for EarthLink. Currie said feedback from legitimate emailers would be an important part of the feedback the group seeks "when we go to the next steps with this."

Carl Hutzler, director of anti-spam operations for AOL, said, "Bulk emailers account for 150 million emails a day into the AOL system. The good ones, the ones on our whitelist, generate very few complaints."

ASTA's recommendations focused on two forms of authentication, an IP address-based approach, of which sender policy framework (SPF), currently being tested by AOL and Microsoft, is an example. Microsoft is in the process of merging SPF with its Caller ID for E-Mail to create a new protocol called Sender ID.

The other form is content signing. Yahoo's DomainKeys authentication proposal is an example of this approach.

AOL plans to have Sender Policy Framework (SPF) email authentication in place by the end of summer and has been testing the protocol, according to Hutzler. "We are also looking at content signing, hoping to at least sign our mail by fall or the end of the year."

Hamlin said Microsoft expects to go public with testing results by the end of "this calendar year." He would not give a hard date as to when the procedure might be implemented.

Authentication is a critical first step in spam-fighting, with reputation a key element to follow, according to Currie of EarthLink.

Noting that "reputable marketers have been clamoring for a way to exclude spam from the inbox," Al DiGuido, CEO of Bigfoot Interactive, applauded the ASTA "and the work they've done in setting the guidelines to bring the ISPs together to set the standards from an authentication standpoint." Describing authentication as a "great leap forward," DiGuido opined that "some form of digital postage stamp" is key in spam-fighting as well.

ClickZ Live Toronto On the heels of a fantastic event in New York City, ClickZ Live is taking the fun and learning to Toronto, June 23-25. With over 15 years' experience delivering industry-leading events, ClickZ Live offers an action-packed, educationally-focused agenda covering all aspects of digital marketing. Register today!

ClickZ Live San Francisco Want to learn more? Join us at ClickZ Live San Francisco, Aug 10-12!
Educating marketers for over 15 years, ClickZ Live brings together industry thought leaders from the largest brands and agencies to deliver the most advanced, educational digital marketing agenda. Register today and save $500!

ABOUT THE AUTHOR

Janis Mara

COMMENTSCommenting policy

comments powered by Disqus

ClickZ Today is our #1 newsletter.
Get a daily dose of digital marketing.

COMMENTS

UPCOMING EVENTS

UPCOMING TRAINING

Featured White Papers

Gartner Magic Quadrant for Digital Commerce

Gartner Magic Quadrant for Digital Commerce
This Magic Quadrant examines leading digital commerce platforms that enable organizations to build digital commerce sites. These commerce platforms facilitate purchasing transactions over the Web, and support the creation and continuing development of an online relationship with a consumer.

Paid Search in the Mobile Era

Paid Search in the Mobile Era
Google reports that paid search ads are currently driving 40+ million calls per month. Cost per click is increasing, paid search budgets are growing, and mobile continues to dominate. It's time to revamp old search strategies, reimagine stale best practices, and add new layers data to your analytics.

Resources

Jobs

    • Copywriting & SEO Specialist
      Copywriting & SEO Specialist (HeBS Digital) - NEW YORKJOB DESCRIPTION     JOB TITLE:         ...
    • SEO Specialist
      SEO Specialist (NJM Insurance Group) - West TrentonNew Jersey Manufacturers Insurance Company is an industry leader among its peers and the largest...
    • Paid Search / Search Engine Marketing (SEM, PPC) Specialist
      Paid Search / Search Engine Marketing (SEM, PPC) Specialist (HeBS Digital) - New York  JOB TITLE:        ...