Opinion: The commission points out that a do-not-spam registry wouldn't work now. Establishing an authentication system makes a lot more sense, and it would gain widespread acceptance with the backing of large mail providers, Larry Seltzer writes.
Its always gratifying, and a relief, to see government make a good decision. It just seems to stand out when they do.
The news this time is about the Federal Trade Commissions report to Congress that a Do-Not-Spam registry is a bad and impractical idea.
Not only did the FTC make the point that a registry wont work now, but it also made the constructive point that what e-mail needs first is an authentication system. You cant enforce a do-not-spam rule until you can demonstrate who actually sent an e-mail. They really do get it.
The industry and standards groups have been working at warp speed, as these things go, to develop an SMTP authentication standard.
I think its going to happen and it will be adopted by enough of the large mail providers that it will pick up steam and gain widespread acceptance. It will reach the point where admins will be able to treat unauthenticated mail as second class or, perhaps, just send it to /dev/null.
But if the industry doesnt agree on an authentication standard, the FTC thinks the law should mandate one. This is probably just supposed to be a fire under the industrys butt, but it could be interesting because the discussions in standards group MARID (MTA Authorization Records in DNS)
have been contentious over some specifics of implementation.
Read more here about the move toward authentication.
But I really dont think it matters that the implementation is controversial as long as it is accepted by enough major companies. Critical mass will force people to implement it.
I wasnt surprised to see New York Sen. Chuck Schumer complain about the decision (registration required).
Schumer seems to think that the FTC simply lacks the will to declare a registry, but what it truly lacks is the will to make a gesture that is, at best, for appearances sake.
The CAN-SPAM Act ordered the FTC to study the potential for such a list and report back to Congress, and this report is the result. In the face of the other parts of CAN-SPAM,
lets think about what value a do-not-spam registry could bring.
Almost all of the spam I get is in violation of multiple provisions of the new anti-spam law. If you could enforce those rules, spam wouldnt be a problem anymore. But of course, CAN-SPAM doesnt eliminate that spam, and its not clear that it can.
Why does anyone think a registry could make a difference?