Modernizing Authentication — What It Takes to Transform Secure Access
As part of the federal CAN-SPAM Act, which became law in January, the FTC was mandated to report on the feasibility of establishing a National Do Not E-Mail Registry, similar to the wildly successful Do-Not-Call registry. Today, the FTC published its report, which concluded the idea is a wash.
''We learned that when it comes down to it, consumers will be spammed if we do a registry and spammed if we do not,'' FTC Chairman Timothy Muris told reporters at a press conference today. ''Spammers would ignore the law,'' Muris said. ''Even worse, they'd use the registry as a source of valid -- and spammable -- addresses. It would be virtually impossible to stop them.''
According to the report, a national registry would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively.
To jump-start these efforts, the FTC will sponsor a Fall 2004 Authentication Summit.
''Without an effective system for authenticating the source of e-mail,'' Muris said, ''any registry will fail.''
In February 2004, the Commission issued a Request for Information from businesses with the technical sophistication to design and manage a National Do Not Email Registry of about 300 million to 450 million addresses.
They then culled the 13 responses into three models: a centralized database for individuals similar to the Do-Not-Call Registry; letting ISPs and domain name holders refuse spam to their entire domains; and the establishment of an FTC-approved forwarding service to which all commercial e-mails -- or even every e-mail -- would be sent. The forwarding service would deliver messages only to those e-mail addresses not on the registry
However, e-mail marketers would need to receive a copy of the registry so that they could remove the addresses from their own lists; spammers would simply e-mail to the list. In effect, the Do Not E-mail Registry would become the first extant list of good e-mail addresses. The report quotes the Association of National Advertisers as stating, ''[The] Registry would truly be the 'Fort Knox' list of e-mail addresses for a criminal spammer.''
Domain-level registration, the FTC concluded, ''would merely put the government's imprimatur on ISPs' existing anti-spam policies without reducing the scope of spam.''