Anti-Spam Consultants Launch Sender Database

The Institute for Spam and Internet Public Policy (ISIPP), an anti-spam consulting firm, joins the ranks of companies providing email sender databases.

The ISIPP Accreditation Database (IADB), like similar reputation services, is aimed at helping email receivers make decisions about email legitimacy so they can appropriately block messages, as well as deliver desired opt-in email.

The database is a list of sender domains, or IP addresses, tied to a variety of other sender data. Most notably, it will include whether they participate in authentication schemes like SPF, Microsoft’s “Caller ID for E-Mail,” or whether they’re enrolled in authentication programs like Habeas or IronPort’s Bonded Sender.

“It really just gives the additional factual information which is what everybody wants today,” said Anne Mitchell, president and CEO of the ISIPP. “There are too many problems that come with blind acceptance of blocklists.”

As the email community continues to struggle with the spam problem, consensus is building that an identity element must be added to the email infrastructure. Microsoft proposed a sender identification scheme it calls “Caller ID for E-Mail,” Yahoo is working on its own DomainKeys program, and America Online is testing a system called SPF.

Reputation and accreditation databases like ISIPP’s, which tie information about the sender to identity, are widely considered the next step. Anti-spam firm Brightmail launched a reputation database, and IronPort operates its own such service, SenderBase. These databases look at the behavior of the sender, while the ISIPP’s new list certifies that listed companies meet its criteria.

Hans Peter Brondmo, co-chair of the E-Mail Service Provider Coalition’s technology committee and fellow at Digital Impact, believes many such databases will be springing up in the weeks and months to come. The challenge then will be for these database operators themselves to establish their reputations within the industry.

“I think that’ll just play itself out over time to some extent,” said Brondmo. He suggests ISPs and other recipients will ask themselves, “‘Is the information I’m getting helpful? Is it accurate and can I trust it? When I use that information to make determinations about whether to let email through or not, is that helping my end user experience?'”

The IADB lists senders who either meet ISIPP’s criteria as determined by background, reference, and other checks; or are personally known to ISIPP to meet certain criteria and to be good Internet mailing citizens. ISIPP will vouch for the latter senders, categorizing listings as either “vouched” or “non-vouched.”

Although the ISIPP claims it’s not creating a whitelist, only approved senders will be listed in the database. Once listed, any deviation from the ISIPP’s best practices will result in the sender being withdrawn from the list, the company said. In addition, it will operate a “Withdrawn Accreditation Database” listing those senders.

Some believe keeping tabs on accredited senders will be a difficult task that is rife with conflicts of interests — since such agencies are accepting payment from the very companies they are supposed to be policing.

“That’s why we need to be really scrupulous and that’s one of the reasons people approached us. We already have a reputation of being really scrupulous in that way,” said Mitchell, adding that the company would have to be scrupulous, or companies would simply not use its database. “If we accredit organizations that do not meet our standards, we will put the product out of business. It is self limiting.”

As for the policing issue, Mitchell said the company would do spot checks but expects people in the industry would alert the ISIPP if its listed companies misbehave.

Senders who wish to be listed must pay a monthly fee, starting at $10 for newsletter publishers, going up to $300 for ISPs with over 30 customers. There’s no charge to query the database.

Data will be provided both as a cumulative score (helpful to ISPs choosing to accept mail from senders who score over a certain threshold), and as individual data points. Data points are more likely to appeal to spam filtering companies, which have their own criteria for scoring mailing practices.

The ISIPP lined up support from Craig Hughes, a chief architect of the open-source Spam Assassin project. Hughes says he may incorporate an IADB lookup in the next release of the anti-spam software. The company has also won an endorsement from Meng Weng Wong, founder of POBox.com and a well-known proponent of the SPF authentication scheme.

“Having the IADB provide information about whether a sender publishes SPF records is an important new direction for DNS-based email delivery information databases, and we’re very pleased that ISIPP has chosen to do this, and happy to work with them in providing unique IADB accreditation codes for SPF publishers,” said Meng.

According to ISIPP criteria, listed senders must:

  1. Vigorously prevent unsolicited commercial and bulk email from being sent from or through any servers or services.
  2. Provide URL for publicly posted terms of service and acceptable use policies that speak out against spam.
  3. Ensure email addresses that are consistently and permanently undeliverable be removed from mailing lists.
  4. Use an opt-in email policy.
  5. Comply with the Can-Spam act, whether or not they operate in the United States.

For non-vouched listings, senders must also provide the physical location of their place of business, three industry references, and pass a background check.

Related reading

/IMG/550/200550/google-gmail-logo-320x198
nfl
hillary-clinton-text-message-signup
specs
<