Industry Players On Board With FTC Anti-Spam Recommendations

Many industry players are on board with the Federal Trade Commission’s (FTC) Tuesday report to Congress that a national Do-Not-E-Mail registry won’t reduce spam, and might even make it worse. Nearly all concur that anti-spam efforts should instead focus on email authentication.

The FTC’s Tuesday reported to Congress was a study conducted as a requirement of the federal CAN-SPAM Act. It examines the feasibility of a national Do-Not-E-Mail registry, similar to the Do-Not-Call list. The FTC recommended private industry, including ISPs, email marketers, email service providers (ESPs) and software companies, work together to form a standard for email authentication. This would prevent spammers from hiding their tracks and evading Internet service providers’ anti-spam filters and law enforcement.

“We are on record with the FTC as having well-founded reservations about the efficacy of a Do-Not-E-Mail list,” said Nicholas Graham, an AOL spokesman. “They’re heading in the right direction when they place authentication as the most important next step. AOL has been working on authentication for the last weeks and months.”

AOL is implementing Sender Policy Framework (SPF) email authentication and hopes to have the protocol in place by the end of summer.

The giant ISP is working with the other Big Three ISPs, Earthlink, MSN and Yahoo, to “rally around a single technical standard when it comes to authentication of email,” Graham said.

“We are encouraged by the FTC’s decision because we strongly believe that solving the authentication issue is a critical step in protecting users from spam and email forgery. We have made real progress with the DomainKeys cryptographic authentication solution,” said Mary Osako, a Yahoo spokeswoman.

DomainKeys is Yahoo’s authentication proposal, which uses encryption of digital signatures.

“Microsoft supports the FTC’s decision to forgo the establishment of a Do-Not-Email registry,” a spokesman said, adding that the company also supports the FTC’s statement that authentication technology is necessary in spam-fighting.

Microsoft is in the process of integrating SPF with its own Caller ID for E-Mail authentication protocol. The spokesman said progress is being made.

The resultant Internet specification to authenticate the origin of email – Sender ID – “will be submitted to the Internet Engineering Task Force (IETF) within weeks,” the spokesman noted.

The FTC’s decision “pretty much mirrors of the perception of the effect of the [Do Not E-Mail] list throughout the email service providers’ community, in that it would not prevent spam but could actually increase the amount of spam recipients get,” notes Kirill Popov, director of ISP relations and deliverability of EMailLabs. “Until we get to a point where everybody’s using authentication and it’s easy to trace who is breaking the law, such a list will not be feasible.”

Concurring with Popov, Tricia Robinson, VP Marketing for ESP Socketware, said, “There’s no doubt that authentication technologies such as Caller ID and SPF can have a significant impact on the amount of spam delivered to the inbox. When fully implemented by ISPs, we should see the amount of spam dramatically decrease, thus providing a healthier inbox for the legitimate email marketer.”

Commenting on the Do-Not-E-Mail list and authentication, Anne Mitchell, CEO of the Institute for Spam and Public Policy, said, “They are two different things that are not mutually exclusive. The FTC said the Do-Not-E-Mail registry would not be helpful until authentication is in place. This is a horse and cart scenario. Authentication is the horse that must pull the cart.”

Related reading