FTC nixes "do-not-spam" list.
In the CAN-SPAM law passed last December, Congress ordered the commission to investigate the feasibility of allowing e-mail users to place their e-mail addresses in a registry for those who do not want unsolicited messages. In its report, the FTC said anti-spam efforts should instead focus on creating a robust e-mail authentication system that would prevent spammers from hiding their tracks and thereby evading Internet service providers' (ISPs) anti-spam filters and law enforcement.
The FTC's report analyzed three types of possible registry models, consulted with more than 80 individuals representing more than 50 organizations including consumer groups, e-mail marketers, and anti-spam advocates, and discussed solutions with ISPs and computer scientists. The report concluded that none of the three models could be enforced effectively and may actually result in registered addresses receiving more spam because spammers would use such a registry as a directory of valid e-mail addresses. The FTC noted that the most promising way to reduce spam is to create a sender-authentication standard--technology that can verify that an e-mail message was sent from the address that it claims to be from.
According to the report, "without effective authentication of e-mail, any registry is doomed to fail. With authentication, better CAN-SPAM Act enforcement and better filtering by ISPs may even make a registry unnecessary."
The commission said it would allow the private sector to determine which authentication standard should be employed. If a standard does not emerge, the commission proposed creating a federal advisory committee to encourage the adoption of one. The big ISPs have been arguing for more than a year about how to create such a sender authentication system. But in May, Microsoft agreed to merge its proposal, "Caller ID," with Sender Policy Framework, which is used by America Online and EarthLink. The new name of the combined standard is "Sender ID." Yahoo said it would probably begin using both Sender ID and Domain Keys, a different approach, by the end of the year. Sender ID allows an organization or ISP to designate certain Internet protocol (IP) addresses as the computers that are authorized to send e-mail on its behalf. Any e-mail that pretended to be from that organization but was not from those designated IP numbers would be suspect. The Domain Keys solution tries to verify the actual sender of a message, not the computer used to send it. America Online and EarthLink said they would also use Domain Keys by the end of 2004.
A solution is desperately needed. A recent Nucleus Research Inc. survey said spam will cost large companies nearly $2,000 per employee in lost productivity this year, despite improved blocking technology and legislation. Spam currently accounts for more than 70 percent of total e-mail volume worldwide, according to anti-spam filtering company Postini Inc.
The United Nations recently announced that it would standardize legislation to make it easier to prosecute senders of junk e-mail. At the International Telecommunications Union meeting in Geneva in July, the U.N. agency said it would present examples of anti-spam legislation that countries can adopt to make cross-border cooperation easier. Many countries currently have no anti-spamming laws in place, making prosecution difficult. As much as 85 percent of e-mail may be categorized as spam, according to the ITU, compared to 35 percent just one year ago. Spam and anti-spam protection cost computer users $25 billion in 2003, according to the United Nations.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Up front: news, trends & analysis; Federal Trade Commission|
|Publication:||Information Management Journal|
|Date:||Sep 1, 2004|
|Previous Article:||Catalyst or cataclysm?|
|Next Article:||Company fined for renting out customer data.|