Industry players mostly applauded spam-fighting guidelines released by the anti-spam alliance formed by major ISPs, including Yahoo, Microsoft, EarthLink and America Online.
“I applaud the Anti-Spam Technical Alliance (ASTA) for coming up with authentication standards,” said Quinn Jalli, director of privacy and ISP relations for major email service provider Digital Impact. “This is the light that shows us we are on the right path,” he said of the guidelines released Tuesday.
The ASTA’s recommendations focused on best practices along with authentication procedures. Such procedures help identify the sender of email, a critical element to fighting spam, according to the ASTA and other industry players.
“I think their best practices suggestions are great and we are glad to see they developed effective complaint reporting systems. From our perspective, any method or suggested way of dealing with complaints that allows us to have insight is helpful,” Jalli said. “We can take complaint data and tie it back to sources so we can improve on best practices.” Jalli cited AOL as one of the first ISPs to implement a feedback loop “and we’re glad to see other ISPs saying this is a best practice.”
Along these lines, “it is good to see ISPs are proposing sharing spam-compliant data within their ISP community, but the ISPs also need to follow AOL’s lead and share them with legitimate permission marketers as well,” commented David Daniels, analyst with Jupiter Research, owned by the parent of this publication.
Another industry player hailed the ASTA recommendations dealing with an emerging menace, zombie spam.
“Zombie spam is a new approach spammers are using,” said Anne Mitchell, CEO of the Institute for Spam and Public Policy. “They take over an unsuspecting user’s machine and use it as a zombie to send email.”
“Zombies have become a big threat and a big issue,” Ryan Hamlin, general manager of Microsoft’s anti-spam technology and strategy group, commented Tuesday in a press conference when the report was issued. He estimated that 40 percent of the spam received at Hotmail comes from zombie machines. “It has grown over the last few months.”
The recommendations “hold individual users accountable,” Mitchell said. “If your PC starts spewing spam, they’re going to turn off your connection.”
Stephen Currie, director of product manager at EarthLink, Tuesday said if his company identifies a user in that situation, “We temporarily pull them offline. It’s a matter of educating that person and making sure they have the right software on their machine. Identify them and work with them to clean up their system.”
Mitchell also applauded the rate setting recommendation. With this practice, users’ machines would be limited to sending a certain number of emails per hour, “perhaps 100 or 500 pieces an hour, certainly enough for an individual but useless for a spammer trying to send thousands per hour.”
A privacy officer tempered his approval of the recommendations with some concerns.
“The ASTA guidelines are a good restatement of best practices in the ISP industry, and as such it’s good that they’re out there to influence the industry,” said Ray Everett-Church, chief privacy officer of ePrivacy Group. “But nothing new came from this document, and it’s certainly no indication of any better cooperation on the fundamental issue of improving the security and authentication of email.”
Daniels voiced a similar concern. “While the [ASTA] document is helpful, the ISPs really need to come to an agreement on one identity authentication standard,” Daniels said.
The analyst referred to the proposal as “a positive step forward for the industry.”