Favors Origin-Authenticating Technologies Instead

By Published on .

NEW YORK (AdAge.com) -- Rejecting the concept of a national e-mail registry akin to the telemarketing Do Not Call Registry, the Federal Trade Commission on Tuesday told Congress it favors spam controls based on authenticating technologies that can verify the source of an e-mail message.

FTC Chairman Timothy J. Muris made the announcement at a press conference in Washington.

The FTC study of potential spam-blocking techniques was required by Can-Spam Act passed by Congress in December of last year. Some legislators viewed the widely acknowledged success of the national do-not-call telemarketing list as the most likely model for controlling the tidal wave of unsolicited pitches that wash across the nation's e-mail networks every day.

Opposite effect
Mr. Muris explained that a do-not-e-mail list could actually have the opposite effect because it would provide spammers with a vast store of working e-mail addresses they could add to the lists they currently use for blasting out billions of e-mail sales pitches sent in a manner designed to hide the identities of their sender and point or origin.

Also calling such a registry "ineffective and hard to use for consumers," Mr. Muris said his agency was recommending that Internet service providers develop authentication systems to verify that commercial e-mail is not spam. Toward that end, he said the FTC would organize an "authentication summit" in the fall. He did not recommend a specific standard for authentication.

Separate and competing authentication systems developed by the nation's largest ISPs are already being evaluated by an Internet standard-setting group, Dan Salzberg, assistant director of marketing practices at the FTC, said in a later interview.

'Building a foundation'
E-mail marketers expressed cautious optimism about the news. "This is like building a foundation for a house," said Quinn Jalli, director of privacy and ISP relations at e-mail marketing firm Digital Impact. "You don't yet have your house, but it's a great first step."

Howard Beales, director of the Bureau of Consumer Protection, in comments following Mr. Muris' announcement said, "I wasn't wild about doing the study, but that instinct was wrong because of the success of the do-not-call registry, someone had to do this study."

More than half of all U.S. adults have signed up for the do-not-call list blocking telemarketers from contacting them by phone, according to a Harris Interactive survey released in February.

But there are major differences between the do-not-call list and a registry for e-mail, Mr. Beales said. For instance, telemarketers are generally doing business openly, using their actual identities, while spammers hide their identities and the source of their e-mail messages through the use of deceptive techniques such as "phishing" and "spoofing."

Phishing and spoofing
Phishing involves the creation of e-mail messages that appear to have been sent by a mainstream corporation and link recipients back to bogus Web pages that look like those of the real corporation. Those fraudulent pages attempt to get users to "verify" their accounts and provide personal identification and financial information that can subsequently facilitate various forms of electronic theft. PayPay, eBay and various banks have been heavily targeted by phisers.

Spoofing is what happens when a worm or virus is used by a spammer to infect large numbers of PCs, stealing e-mail addresses and then inserting those addresses as the apparent source of spammed messsages.

Authentication is a technology that checks whether an e-mail comes from the domain it claims to come from, Mr. Muris said. If it doesn’t come from the domain it claims to come from, then the ISP can assume it is spam and block it.

"The thought is that if domain spoofing can be stopped, it will provide the ISPs with a real leg up on stopping spam because it will enable the various spam filters to filter more aggressively," said Marc Lallaman, a spokesman for Microsoft's anti-spam technology and strategy.

For the federal government to develop an authentication standard would require Congress to get involved, according to the FTC.

Private-market proposals
"Chairman Muris is saying that the FTC's authentication summit is intended to move these private-market proposals from the drawing board to something that can be implemented quickly and effectively," Mr. Salzburg of the FTC said. "We want to make sure that the standards that are set up are really standards -- not something that would give an advantage to [whatever company] comes up with the standard."

"Getting everyone to sit at the table and adopt a common standard is going to be very difficult at this stage of the game," said Al DiGuido, CEO of e-mail marketing firm Bigfoot Interactive.

Mr. DiGuido favors a digital postage stamp system in which legitimate bulk senders would pay a fee for each message. "It would give the ISPs a way to profit financially by adopting one standard," he said.

Most Popular
In this article: