FTC: Do-Not-E-Mail, No; Authentication, Yes

• Tweet
• Buffer

The Federal Trade Commission (FTC) Tuesday told Congress a national Do-Not-E-Mail registry won't reduce spam and might even make it worse. The FTC said anti-spam efforts should focus on email authentication instead.

To further that aim, the FTC will sponsor an authentication summit this fall, FTC Chairman Timothy Muris said Tuesday in a press conference at FTC headquarters in Washington, D.C.

Muris was reporting on a study done as a requirement of the federal CAN-SPAM Act, which became law in January. The act mandated that the FTC produce a report on a national do-not-spam list similar to the FTC's popular do-not-call registry.

"We learned that spammers would ignore the law," Muris said. "Even worse, they'd use the registry as a source of valid -- and spammable -- addresses. It would be virtually impossible to stop them."

According to the report, a national registry would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively.

Instead, the FTC recommended that private industry, including ISPs, email marketers, email service providers (ESPs) and software companies, should work together to form a standard for email authentication that would prevent spammers from hiding their tracks and evading Internet service providers' anti-spam filters and law enforcement.

"This is good news," said Dave Lewis, co-chair of the E-Mail Service Provider Coalition (ESPC) vendor relations committee and VP of deliverability management for Digital Impact. "It validates what we have been saying relative to authentication being the critical first step in establishing accountability."

Efforts to provide email authentication are already being pursued by major ISPs Microsoft, America Online and Yahoo

AOL plans to have Sender Policy Framework (SPF) email authentication in place by the end of summer and has been testing the protocol.

Microsoft is in the process of integrating SPF with its Caller ID for E-Mail authentication protocol. Meanwhile, Yahoo has its own authentication proposal, DomainKeys, which uses encryption of digital signatures.

Susan Kuchinskas contributed to this report.