FTC Shoots Down Spam Registry, Boosts Authentication Scheme

The FTC on Tuesday told Congress that a proposed Do Not E-mail registry was unworkable until a universal e-mail authentication standard was adopted.

The Federal Trade Commission on Tuesday told Congress that a proposed National Do Not E-mail registry was unworkable until a universal e-mail authentication standard was adopted. However, this technological step may in turn make such a registry unnecessary.

The announcement should give another boost to fast-moving initiatives to better authenticate senders of e-mail by improving SMTP, the transport protocol used by e-mail servers. Such authentication would eliminate most spam, say its proponents.

Microsoft Corp.s CallerID initiative recently joined forces with the private Sender Policy Framework group to form the leading e-mail authentication effort. Yahoo Inc. continues to develop its Domain Keys initiative in parallel.

"Do not call works because the phone system has accountability," said Meng Weng Wong, founder of the SPF group and CTO with the IC Group Inc., of Philadelphia, which offers the e-mail forwarding service Pobox.com.

"Telemarketers have to honor the list because if they dont theyll get caught. Because email today has no accountability, a do not e-mail list would be more like a do not break into my house list," Wong continued.

According to Wong, the FTCs move on Tuesday was evidence that legal efforts to stop spam were waiting for technological efforts to catch up.

The FTC in its report to Congress said that it would sponsor an Authentication Summit in the fall "to encourage a thorough analysis of possible authentication systems and their swift deployment."

In the meantime, establishing a Do Not E-mail Registry before such an authentication system has been widely adopted wouldnt reduce spam, might increase it, and would be largely unenforceable, the Commission said.

The Commission was responding to the December 2003, Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) which called for the FTC to develop a plan and timetable for establishing a National Do Not E-mail Registry; explain any practical, technical, security, privacy, enforcement, or other concerns; and explain how a Registry would be applied with respect to children with e-mail accounts.

/zimages/1/28571.gifSome six months after Congress passed a law to reduce the amount of junk e-mail flooding the nations in-boxes, industry experts widely agree that the opposite has occurred: Were getting more spam than ever before. Click here to read more.

The agency said that without sender authentication in place, such a list could become a "National Do Spam" list since it would provide spammers with a registry of valid e-mail addresses.

Michael Sippey, managing director at the Denver e-mail solutions agency Quris Inc., said the FTC was making a smart move by abandoning the Do Not Email List idea for now.

"Federal e-mail authentication is not necessary, now that MS and [America Online Inc.] are doing to do SPF and AOL is in beta checking for SPF from senders," said Sippey, through a spokesman. "We are down the right path in dealing with server anonymity issues of spam."

Next Page: The Quest for a Registry Solution