More NewsE-Mail Coalition Floats New Anti-Spam Plan

E-Mail Coalition Floats New Anti-Spam Plan

How to block spam while letting the legitimate messages through? At the ISPCON conference in Baltimore, a coalition of e-mail marketers presented some new approaches.

BALTIMORE — Hans Peter Brondmo, a noted technology author and Digital Impact fellow, has announced a multi-year plan by the Network Advertising Initiative’s Email Service Provider Coalition (NAI ESPC) to change the architecture of email in order to effectively block spam while protecting legitimate email advertisers.

“When we decided to address this problem, we had two options,” Brondmo told a packed luncheon meeting Wednesday at the ISPCON conference here.

“We could have built a whitelist on steroids for our members, or we could have built a solution for more than our 28 members,” said Brondmo, who is also a member of the coalition. “I am proud to announce that all 28 members opted for the latter solution.”

Code named “Project Lumos,” the anti-spam plan calls for a registry-based approach to eliminate spam by holding senders accountable for the mail they send.

The NAI ESPC, a coalition of 28 companies that advertise over the Internet (Digital Impact is a founding member), is concerned that spam filters block as much as 15 percent of their members’ messages in error through false positives.

Brondmo noted that systems vary in quality and that false positives abound — one blacklist blocks the entire nation of the People’s Republic of China, he claimed.

NAI ESPC members are frustrated that current anti-spam policies punish most severely those mass mailers who adhere most strictly to best practices — those who post legitimate unsubscribe addresses and do not hide their identity. In contrast, spammers that fake their identity or exploit network vulnerabilities to send mail from locations they do not own are not punished by current anti-spam solutions.

With that in mind, Brondmo said the new approach consists of combining email marketers’ best practice with technological and legislative solutions to ensure that all parties — ISPs, marketers, and email recipients — are protected.

The coalition said “Project Lumos” would deploy a certification process that requires email senders to verify their identity, adhere to best practices and then objectively monitor their performance.

Brondmo said project would unfold in three phases. The first consists of a dialog between the NAI ESP, ISPs, and other concerned parties, of which Brondmo’s speech touched upon the most. The second phase would involve building and establishing a filtering system, which could take 36 months. The final phase, which will be ongoing, would be the continuous updating and improving of the registry system.

“The project has no owner,” said Brondmo. “It’s a blueprint, a discussion.” Brondmo said that progress in any one dimension of the project must be reinforced by progress on the other two fronts.

The more detailed blueprint consists of the following four policies:

Certification — The project would create specific rules concerning the structure and function of an unsubscribe link on an email. It would also certify senders according to the type of mail they send, its volume, and their organization’s complexity.

An individual who sends few emails could remain anonymous, whereas a large international organization would have to adhere to a more rigorous system that would involve ensuring that all employees in every nation understand and follow best practices.

Standards — The organization would ensure that every emailer’s identity would be defined and would remain the same, and would standardize abuse reporting and email categories to protect ISPs, marketers, and mailbox owners. If any emailer’s identity was public, that emailer could be blocked by the ISP or by the individual.

Policies — Other specific abuses, such as dictionary attacks or even sending emails using an out of date list with a significant bounce rate, would be handled in a standardized manner.

Performance — A rating system would track the number of complaints against organizations and their effectiveness in responding to complaints.

The system would require a registry, similar to that for IP addresses, domain names, or SSL certification. The registry would maintain a list of the identities of senders protected by a Public Key Infrastructure (PKI), and keep track of their behavior, posting ratings such as those used by the U.S. financial system.

With the floor opened for questions, the debate began:

“Why not make DNS [domain name servers] more secure, and simply use reverse DNS lookup?” attendees asked. The NAI ESPC said it believes that DNS cannot be made secure.

“Why is the IETF [The Internet Engineering Task Force] not involved?” IETF processes would take too long for an undertaking as ambitious as this, the coalition said.

Asked another: “Won’t a PKI [public key infrastructure] require a repository of public keys, creating a single point of attack? Who would build and maintain the repository?” The PKI solution would never be 100 percent secure, came the reply.

When questioned about free speech lawsuits, the coalition said it did not believe it would be prohibiting people from saying things, only prohibiting them from broadcasting them to hundreds of millions of people. “They could still use the viral method, sending to 100 senders, each of whom could send to 100 more, and thus reach a large number of people if their message was compelling.”

Although the debate over the proposal has begun, Brondmo said he expects it to last for several months at the very least.

Related Articles

The future of retail: How IoT is transforming the retail industry

Digital Transformation The future of retail: How IoT is transforming the retail industry

1w Diana Maltseva
GDPR: The role of technology in data compliance

Data & Analytics GDPR: The role of technology in data compliance

7m Clark Boyd
What companies can learn from the We-Vibe lawsuit about the Internet of Things

Legal & Regulatory What companies can learn from the We-Vibe lawsuit about the Internet of Things

1y Al Roberts
Has advertising arrived on Google Home?

Media Has advertising arrived on Google Home?

1y Al Roberts
Target is the top retail digital marketer, so why is it struggling?

Ecommerce Target is the top retail digital marketer, so why is it struggling?

1y Al Roberts
YouTube is "on pace to eclipse TV" thanks to savvy algorithm use

More News YouTube is "on pace to eclipse TV" thanks to savvy algorithm use

1y Al Roberts
YouTube is getting rid of 30-second unskippable pre-roll ads

Ad Industry Metrics YouTube is getting rid of 30-second unskippable pre-roll ads

1y Al Roberts
Is Twitter slowly dying?

More News Is Twitter slowly dying?

1y Al Roberts